@backstage/plugin-techdocs-node@0.0.0-nightly-20250708024259 vulnerabilities

Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli

Direct Vulnerabilities

Known vulnerabilities in the @backstage/plugin-techdocs-node package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability | Vulnerable Version
  • H Directory Traversal

@backstage/plugin-techdocs-node provides common Node.js functionality for TechDocs, shared between the techdocs-backend plugin and techdocs-cli.

Affected versions of this package are vulnerable to Directory Traversal via the TechdocsGenerator function when processing documentation from untrusted sources. An attacker can access sensitive files outside the intended directory by submitting symlinks within the docs, resulting in file contents being embedded into generated HTML and exposed to users who can view the documentation.

How to fix Directory Traversal?

Upgrade @backstage/plugin-techdocs-node to version 1.13.11, 1.14.1 or higher.

Vulnerable versions: <1.13.11 and >=1.14.0 <1.14.1
  • H Arbitrary Code Injection

@backstage/plugin-techdocs-node provides common Node.js functionality for TechDocs, shared between the techdocs-backend plugin and techdocs-cli.

Affected versions of this package are vulnerable to Arbitrary Code Injection via the processing of MkDocs hooks, when TechDocs is configured with runIn: local. An attacker who can submit or modify a repository's mkdocs.yml file can execute arbitrary Python code on the TechDocs build server via MkDocs hooks configuration.

How to fix Arbitrary Code Injection?

Upgrade @backstage/plugin-techdocs-node to version 1.13.11, 1.14.1 or higher.

Vulnerable versions: <1.13.11 and >=1.14.0 <1.14.1