Known vulnerabilities in the @backstage/techdocs-common package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
@backstage/techdocs-common is a package of common functionalities for TechDocs, to be shared between the techdocs-backend plugin and techdocs-cli. Affected versions of this package are vulnerable to Directory Traversal. Folder traversal is possible via How to fix Directory Traversal? Upgrade | <0.6.5 |
@backstage/techdocs-common is a package of common functionalities for TechDocs, to be shared between the techdocs-backend plugin and techdocs-cli. Affected versions of this package are vulnerable to Directory Traversal. A malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for How to fix Directory Traversal? Upgrade | <0.6.3 |
@backstage/techdocs-common is a package of common functionalities for TechDocs, to be shared between the techdocs-backend plugin and techdocs-cli. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). A malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user into visiting the content via the TechDocs API, the content sanitization will be bypassed. If the TechDocs API is hosted on the same origin as the Backstage app or other backend plugins, this may give access to sensitive data. How to fix Cross-site Scripting (XSS)? Upgrade | <0.6.4 |