VulnerableCode Package Details - pkg:npm/%40backstage/plugin-techdocs-backend@1.10.13

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-jpj8-auf5-f7cp	@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.	CVE-2024-45816 GHSA-39v3-f278-vj3g
VCID-r2bx-fd9s-ybc3	@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link.	CVE-2024-46976 GHSA-5j94-f3mf-8685

Vulnerability

Summary

Aliases

VCID-jpj8-auf5-f7cp

@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability When using the AWS S3 or GCS storage provider for TechDocs it is possible to access content in the entire storage bucket. This can leak contents of the bucket that are not intended to be accessible, as well as bypass permission checks in Backstage.

CVE-2024-45816
GHSA-39v3-f278-vj3g

VCID-r2bx-fd9s-ybc3

@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection An attacker with control of the contents of the TechDocs storage buckets is able to inject executable scripts in the TechDocs content that will be executed in the victim's browser when browsing documentation or navigating to an attacker provided link.

CVE-2024-46976
GHSA-5j94-f3mf-8685

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:48:38.845190+00:00	GHSA Importer	Fixing	VCID-r2bx-fd9s-ybc3	https://github.com/advisories/GHSA-5j94-f3mf-8685	38.6.0
2026-06-05T21:48:36.006616+00:00	GHSA Importer	Fixing	VCID-jpj8-auf5-f7cp	https://github.com/advisories/GHSA-39v3-f278-vj3g	38.6.0
2026-06-04T16:45:43.710060+00:00	GithubOSV Importer	Fixing	VCID-jpj8-auf5-f7cp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-39v3-f278-vj3g/GHSA-39v3-f278-vj3g.json	38.6.0
2026-06-04T16:45:39.415758+00:00	GithubOSV Importer	Fixing	VCID-r2bx-fd9s-ybc3	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-5j94-f3mf-8685/GHSA-5j94-f3mf-8685.json	38.6.0
2026-06-04T16:22:17.421489+00:00	GitLab Importer	Fixing	VCID-jpj8-auf5-f7cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-backend/CVE-2024-45816.yml	38.6.0
2026-06-04T16:22:16.611348+00:00	GitLab Importer	Fixing	VCID-r2bx-fd9s-ybc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/@backstage/plugin-techdocs-backend/CVE-2024-46976.yml	38.6.0