@backstage/plugin-techdocs-backend@0.0.0-nightly-20221229022335 vulnerabilities

The Backstage backend plugin that renders technical documentation for your components

Direct Vulnerabilities

Known vulnerabilities in the @backstage/plugin-techdocs-backend package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free
VulnerabilityVulnerable Version
  • M
Protection Mechanism Failure

@backstage/plugin-techdocs-backend is a The Backstage backend plugin that renders technical documentation for your components

Affected versions of this package are vulnerable to Protection Mechanism Failure in the TechDocs content. The victim's browser will be executed when browsing documentation or navigating to an attacker-provided link.

Note: This is only exploitable if the attacker has control of the contents of the TechDocs storage buckets

How to fix Protection Mechanism Failure?

Upgrade @backstage/plugin-techdocs-backend to version 1.10.13 or higher.

<1.10.13
  • H
Relative Path Traversal

@backstage/plugin-techdocs-backend is a The Backstage backend plugin that renders technical documentation for your components

Affected versions of this package are vulnerable to Relative Path Traversal when using the AWS S3 or GCS storage provider for TechDocs.

How to fix Relative Path Traversal?

Upgrade @backstage/plugin-techdocs-backend to version 1.10.13 or higher.

<1.10.13