Vulnerabilities in backstage/plugin-auth-backend