The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
CPE | Name | Operator | Version |
---|---|---|---|
@uppy/companion | lt | 1.13.2 | |
@uppy/companion | ge | 2.0.0-alpha.0 | |
@uppy/companion | lt | 2.0.0-alpha.5 |