3 matches found
CVE-2023-25571
Backstage is an open platform for building developer portals. @backstage/catalog-model prior to version 1.2.0, @backstage/core-components prior to 0.12.4, and @backstage/plugin-catalog-backend prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicio...
@backstage/backend-app-api (>=0.0.0-nightly-20241117023529 <=0.0.0-nightly-20260519032312), @backstage/backend-defaults (>=0.0.0-nightly-20241117023529 <=0.0.0-nightly-20260519032312) +274 more potentially affected by CVE-2023-25571 via @backstage/catalog-model (>=0.0.0-nightly-20220708025041 <=1.1.5)
@backstage/catalog-model NPM version =0.0.0-nightly-20220708025041, =0.0.0-nightly-20241117023529, =0.0.0-nightly-20241117023529, =0.0.0-nightly-20241117023529, =0.0.0-nightly-20241117023529, =0.0.0-nightly-20241117023529, =0.0.0-nightly-20241117023529, =0.0.0-nightly-2021442275,...
backstage 跨站脚本漏洞
backstage is an application. Backstage is an open platform for building developer portals. A security vulnerability exists in backstage catalog-model prior to 1.2.0, backstage core-components prior to 0.12.4, and backstage plugin-catalog-backend prior to 1.7.2 that originates from a vulnerability...