Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/%40backstage/plugin-techdocs@0.0.0-nightly-202123122536
Typenpm
Namespace@backstage
Nameplugin-techdocs
Version0.0.0-nightly-202123122536
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.9.5
Latest_non_vulnerable_version0.9.5
Affected_by_vulnerabilities
0
url VCID-k287-ygcd-tkdk
vulnerability_id VCID-k287-ygcd-tkdk
summary 
Unrestricted Upload of File with Dangerous Type
Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin (`@backstage/plugin-techdocs`), a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an `object` element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limited by internal code review processes, unless the chosen TechDocs deployment method is to use an object store and the actor has access to upload files directly to that store. The vulnerability is patched in the `0.9.5` release of `@backstage/plugin-techdocs`.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32661
reference_id
reference_type
scores
0
value 0.00444
scoring_system epss
scoring_elements 0.63752
published_at 2026-06-09T12:55:00Z
1
value 0.00444
scoring_system epss
scoring_elements 0.63704
published_at 2026-06-04T12:55:00Z
2
value 0.00444
scoring_system epss
scoring_elements 0.63746
published_at 2026-06-05T12:55:00Z
3
value 0.00444
scoring_system epss
scoring_elements 0.63753
published_at 2026-06-06T12:55:00Z
4
value 0.00444
scoring_system epss
scoring_elements 0.63745
published_at 2026-06-07T12:55:00Z
5
value 0.00444
scoring_system epss
scoring_elements 0.63732
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32661
1
reference_url https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/commit/aad98c544e59369901fe9e0a85f6357644dceb5c
2
reference_url https://github.com/backstage/backstage/releases/tag/release-2021-06-03
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/releases/tag/release-2021-06-03
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32661
reference_id CVE-2021-32661
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32661
4
reference_url https://github.com/advisories/GHSA-gg96-f8wr-p89f
reference_id GHSA-gg96-f8wr-p89f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gg96-f8wr-p89f
5
reference_url https://github.com/backstage/backstage/security/advisories/GHSA-gg96-f8wr-p89f
reference_id GHSA-gg96-f8wr-p89f
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/security/advisories/GHSA-gg96-f8wr-p89f
fixed_packages
0
url pkg:npm/%40backstage/plugin-techdocs@0.9.5
purl pkg:npm/%40backstage/plugin-techdocs@0.9.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-techdocs@0.9.5
aliases CVE-2021-32661, GHSA-gg96-f8wr-p89f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k287-ygcd-tkdk
Fixing_vulnerabilities
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-techdocs@0.0.0-nightly-202123122536