Lookup for vulnerable packages by Package URL.

Purl pkg:npm/%40backstage/plugin-auth-backend@0.0.0-nightly-20230325022054
Type npm
Namespace @backstage
Name plugin-auth-backend
Version 0.0.0-nightly-20230325022054
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.27.1
Latest_non_vulnerable_version 0.27.1
Affected_by_vulnerabilities
0
url VCID-e5ww-6h1c-cyd6
vulnerability_id VCID-e5ww-6h1c-cyd6
summary
@backstage/plugin-auth-backend: SSRF in experimental CIMD metadata fetch
A Server-Side Request Forgery (SSRF) vulnerability exists in `@backstage/plugin-auth-backend` when `auth.experimentalClientIdMetadataDocuments.enabled` is set to `true`. The CIMD
metadata fetch validates the initial `client_id` hostname against private IP ranges but does not apply the same validation after HTTP redirects.

The practical impact is limited. The attacker cannot read the response body from the internal request, cannot control request headers or method, and the feature must be explicitly
enabled via an experimental flag that is off by default. Deployments that restrict `allowedClientIdPatterns` to specific trusted domains are not affected.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32236.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32236.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32236
reference_id
reference_type
scores
0
value 0.00047
scoring_system epss
scoring_elements 0.14863
published_at 2026-06-07T12:55:00Z
1
value 0.00047
scoring_system epss
scoring_elements 0.14802
published_at 2026-06-09T12:55:00Z
2
value 0.00047
scoring_system epss
scoring_elements 0.1478
published_at 2026-06-08T12:55:00Z
3
value 0.00047
scoring_system epss
scoring_elements 0.14904
published_at 2026-06-06T12:55:00Z
4
value 0.00047
scoring_system epss
scoring_elements 0.14907
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32236
2
reference_url https://github.com/backstage/backstage
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage
3
reference_url https://github.com/backstage/backstage/commit/17038abf2dfdb4abc08a59b1c95af39851de0e07
reference_id
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:38:12Z/
url https://github.com/backstage/backstage/commit/17038abf2dfdb4abc08a59b1c95af39851de0e07
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447090
reference_id 2447090
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447090
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32236
reference_id CVE-2026-32236
reference_type
scores
0
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32236
6
reference_url https://github.com/advisories/GHSA-qp4c-xg64-7c6x
reference_id GHSA-qp4c-xg64-7c6x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qp4c-xg64-7c6x
7
reference_url https://github.com/backstage/backstage/security/advisories/GHSA-qp4c-xg64-7c6x
reference_id GHSA-qp4c-xg64-7c6x
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:38:12Z/
url https://github.com/backstage/backstage/security/advisories/GHSA-qp4c-xg64-7c6x
fixed_packages
0
url pkg:npm/%40backstage/plugin-auth-backend@0.27.1
purl pkg:npm/%40backstage/plugin-auth-backend@0.27.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-auth-backend@0.27.1
aliases CVE-2026-32236, GHSA-qp4c-xg64-7c6x
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ww-6h1c-cyd6
1
url VCID-k56s-6jhu-abex
vulnerability_id VCID-k56s-6jhu-abex
summary
@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
The experimental OIDC provider in `@backstage/plugin-auth-backend` is vulnerable to a redirect URI allowlist bypass. Instances that have enabled experimental Dynamic Client Registration or Client ID Metadata Documents and configured `allowedRedirectUriPatterns` are affected.

A specially crafted redirect URI can pass the allowlist validation while resolving to an attacker-controlled host. If a victim approves the resulting OAuth consent request, their authorization code is sent to the attacker, who can exchange it for a valid access token.

This requires victim interaction and that one of the experimental features is explicitly enabled, which is not the default.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32235.json
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-32235.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-32235
reference_id
reference_type
scores
0
value 0.00033
scoring_system epss
scoring_elements 0.09988
published_at 2026-06-09T12:55:00Z
1
value 0.00033
scoring_system epss
scoring_elements 0.10052
published_at 2026-06-05T12:55:00Z
2
value 0.00033
scoring_system epss
scoring_elements 0.10068
published_at 2026-06-06T12:55:00Z
3
value 0.00033
scoring_system epss
scoring_elements 0.10039
published_at 2026-06-07T12:55:00Z
4
value 0.00033
scoring_system epss
scoring_elements 0.09954
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-32235
2
reference_url https://github.com/backstage/backstage
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage
3
reference_url https://github.com/backstage/backstage/commit/6042dd0c7f0706e0f473dafa92799ecf19c825ec
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/backstage/backstage/commit/6042dd0c7f0706e0f473dafa92799ecf19c825ec
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2447075
reference_id 2447075
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2447075
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-32235
reference_id CVE-2026-32235
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-32235
6
reference_url https://github.com/advisories/GHSA-wqvh-63mv-9w92
reference_id GHSA-wqvh-63mv-9w92
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wqvh-63mv-9w92
7
reference_url https://github.com/backstage/backstage/security/advisories/GHSA-wqvh-63mv-9w92
reference_id GHSA-wqvh-63mv-9w92
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-12T20:38:14Z/
url https://github.com/backstage/backstage/security/advisories/GHSA-wqvh-63mv-9w92
fixed_packages
0
url pkg:npm/%40backstage/plugin-auth-backend@0.27.1
purl pkg:npm/%40backstage/plugin-auth-backend@0.27.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-auth-backend@0.27.1
aliases CVE-2026-32235, GHSA-wqvh-63mv-9w92
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k56s-6jhu-abex
Fixing_vulnerabilities
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/%2540backstage/plugin-auth-backend@0.0.0-nightly-20230325022054