@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch

Impact A Server-Side Request Forgery SSRF vulnerability exists in @backstage/plugin-auth-backend when auth.experimentalClientIdMetadataDocuments.enabled is set to true. The CIMD metadata fetch validates the initial clientid hostname against private IP ranges but does not apply the same validation...

Backstage 代码问题漏洞

Backstage is an open-source application developed by Backstage. It serves as an open platform for building developer portals. Versions of Backstage prior to 0.27.1 contained code-related vulnerabilities. These vulnerabilities stemmed from server-side request forgeing when the experimental client ...