Lucene search
ShieldfyNODEJS:1501HistoryMar 26, 2020 - 7:35 p.m.
Server-Side Request Forgery
2020-03-2619:35:50
Shieldfy
www.npmjs.com
14
EPSS
0.003
Percentile
68.2%
Overview
Versions of @uppy/companion prior to 1.9.3 are vulnerable to Server-Side Request Forgery (SSRF). The get route passes the user-controlled variable req.body.url to a GET request without sanitizing the value. This allows attackers to inject arbitrary URLs and make GET requests on behalf of the server.
Recommendation
Upgrade to version 1.9.3 or later.
References
Related
hackerone
hackerone
Node.js third-party modules: Server Side Request Forgery in Uppy npm module
2020-01-31 16:31:11
cvelist
cvelist
CVE-2020-8135
2020-03-20 18:26:32
osv
osv
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19
CVE-2020-8135
2020-03-20 19:15:12
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-03-03 05:40:36
Server-Side Request Forgery (SSRF)
2020-06-29 02:56:26
cve
cve
CVE-2020-8135
2020-03-20 19:15:12
prion
prion
Server side request forgery (ssrf)
2020-03-20 19:15:00
attackerkb
attackerkb
CVE-2020-8135
2020-03-20 00:00:00
nvd
nvd
CVE-2020-8135
2020-03-20 19:15:12
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Uppy
2020-12-01 09:45:48
github
github
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19