Lucene search
+L

4 matches found

osv
osv
added 2026/06/04 1:45 p.m.11 views

ROOT-APP-NPM-CVE-2026-24046 CVE-2026-24046 in @rootio/backstage__backend-defaults - Patched by Root

Root has patched CVE-2026-24046 in the @rootio/backstagebackend-defaults package for Root:npm. Multiple fixed versions available...

9.1CVSS5.8AI score0.00478EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/03/05 12:20 a.m.9 views

@backstage/backend-defaults (>=0.15.3-next.0 <=0.16.0-next.2), @backstage/backend-dynamic-feature-service (>=0.7.10-next.0 <=0.8.0-next.2) +69 more potentially affected by CVE-2026-29185 via @backstage/integration (>=1.21.0-next.0 <=2.0.0-next.2)

@backstage/integration NPM version =1.21.0-next.0, =0.15.3-next.0, =0.7.10-next.0, =1.11.1-next.0, =0.5.9-next.0, =1.1.21-next.0, =0.15.1-next.0, =0.4.1-next.0, =0.5.1-next.0, =1.2.16-next.0, =0.13.5-next.0, =0.4.1-next.0, =0.3.8-next.0, =1.33.1-next.0, =3.5.0-next.0, =0.4.21-next.0, =0.4.21-next...

2.7CVSS5.7AI score0.00348EPSS
Exploits0
vulnersosv
vulnersosv
added 2026/01/21 10:49 p.m.7 views

@alithya-oss/backstage-plugin-aws-apps-backend (=0.4.7), @alithya-oss/backstage-plugin-changelog-backend (=1.0.3) +165 more potentially affected by CVE-2026-24048 via @backstage/backend-defaults (>=0.0.0-nightly-20240929023448 <=0.12.1-next.1)

@backstage/backend-defaults NPM version =0.0.0-nightly-20240929023448, =1.0.7, =0.1.8, =0.3.10, =0.3.6, =0.1.0, =0.4.0, =4.6.0, =0.10.0, =0.12.0 and more Source cves: CVE-2026-24048 Source advisory: OSV:GHSA-Q2X5-4XJX-C6P9...

3.7CVSS5.4AI score0.00201EPSS
Exploits0
snyk
snyk
added 2026/01/21 10:49 p.m.4 views

Server-side Request Forgery (SSRF)

Overview @backstage/backend-defaults is a Backend defaults used by Backstage backend apps Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FetchUrlReader component that automatically follows HTTP redirects. An attacker can access internal or sensitive...

3.5CVSS5.7AI score0.00201EPSS
Exploits0References2
Rows per page
Query Builder