@backstage/plugin-catalog-backend@0.23.0 vulnerabilities
The Backstage backend plugin that provides the Backstage catalog
- latest version: 1.15.0
- latest non vulnerable version:
- first published: 3 years ago
- latest version published: 24 days ago
- licenses detected: >=0
Direct Vulnerabilities
Known vulnerabilities in the @backstage/plugin-catalog-backend package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
@backstage/plugin-catalog-backend is the Backstage backend plugin that provides the Backstage catalog. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) due to improper input sanitization, which allows an attacker with access to add or modify content in an instance of the Backstage software to inject a malicious script via the URLs in the entities of the catalog. How to fix Cross-site Scripting (XSS)? Upgrade | >=0.1.1-alpha.9 <1.7.2 |