Snyk Security Database

@backstage/plugin-techdocs-node is a Common node.js functionalities for TechDocs, to be shared between techdocs-backend plugin and techdocs-cli

Affected versions of this package are vulnerable to Permissive List of Allowed Inputs via the processing of the mkdocs.yml configuration file during the documentation build process. An attacker can execute arbitrary Python code by crafting a malicious configuration file that bypasses security controls through unfiltered configuration keys.

authlib is a library in building OAuth and OpenID Connect servers.

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature in jwt.decode(), which accepts alg: none. An attacker can gain unauthorized access, escalate privileges, or modify application data by submitting a malicious JWT containing alg: none and an empty signature.

org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services.

Affected versions of this package are vulnerable to Improper Handling of Insufficient Permissions or Privileges via improper enforcement of roles in the UMA 2.0 Protection API which fails to enforce the uma_protection role check. An attacker can access sensitive information by leveraging insufficient permission checks.