@backstage/plugin-techdocs-backend@1.10.7 vulnerabilities

The Backstage backend plugin that renders technical documentation for your components

  • latest version

    1.11.4

  • latest non vulnerable version

  • first published

    4 years ago

  • latest version published

    5 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the @backstage/plugin-techdocs-backend package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Protection Mechanism Failure

    @backstage/plugin-techdocs-backend is a The Backstage backend plugin that renders technical documentation for your components

    Affected versions of this package are vulnerable to Protection Mechanism Failure in the TechDocs content. The victim's browser will be executed when browsing documentation or navigating to an attacker-provided link.

    Note: This is only exploitable if the attacker has control of the contents of the TechDocs storage buckets

    How to fix Protection Mechanism Failure?

    Upgrade @backstage/plugin-techdocs-backend to version 1.10.13 or higher.

    <1.10.13
    • H
    Relative Path Traversal

    @backstage/plugin-techdocs-backend is a The Backstage backend plugin that renders technical documentation for your components

    Affected versions of this package are vulnerable to Relative Path Traversal when using the AWS S3 or GCS storage provider for TechDocs.

    How to fix Relative Path Traversal?

    Upgrade @backstage/plugin-techdocs-backend to version 1.10.13 or higher.

    <1.10.13