Name of the Vulnerable Software and Affected Versions: @backstage/plugin-scaffolder-backend versions prior to 0.15.14

Description: The templating library used by the scaffolder backend has an issue where it assumes templates are trusted, allowing for potential remote code execution. A malicious actor with write access to a registered scaffolder template could manipulate the template to exploit this. The issue is mitigated by sandboxing the template code execution.

Recommendations: For versions prior to 0.15.14, update to version 0.15.14 to resolve the issue. As a temporary workaround, consider restricting access to the template yaml definition to minimize the risk of exploitation.