Lucene search
AttackerKBAKB:B07DD82E-171A-4DBA-B7B8-8F55F7A7F76FHistoryMar 20, 2020 - 12:00 a.m.
CVE-2020-8135
2020-03-2000:00:00
attackerkb.com
11
EPSS
0.003
Percentile
68.2%
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.
Recent assessments:
ericalexanderorg at March 21, 2020 1:52pm UTC reported:
SSRF in npm package thatβs downloaded 23k/week and is found in 4k Github repos. High because of itβs value to grab access keys from cloud metadata urls.
<https://hackerone.com/reports/786956>
Assessed Attacker Value: 5
Assessed Attacker Value: 5Assessed Attacker Value: 5
Related
hackerone
hackerone
Node.js third-party modules: Server Side Request Forgery in Uppy npm module
2020-01-31 16:31:11
cvelist
cvelist
CVE-2020-8135
2020-03-20 18:26:32
osv
osv
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19
CVE-2020-8135
2020-03-20 19:15:12
nodejs
nodejs
Server-Side Request Forgery
2020-03-26 19:35:50
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-03-03 05:40:36
Server-Side Request Forgery (SSRF)
2020-06-29 02:56:26
cve
cve
CVE-2020-8135
2020-03-20 19:15:12
prion
prion
Server side request forgery (ssrf)
2020-03-20 19:15:00
nvd
nvd
CVE-2020-8135
2020-03-20 19:15:12
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Uppy
2020-12-01 09:45:48
github
github
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19