4 matches found
Server-Side Request Forgery (SSRF)
uppy is vulnerable to server-side request forgery SSRF. The fix for CVE-2020-8135 is adequate and a bypass of the host's IP address against a blacklist exists, allowing a remote attacker to perform HTTP requests in the context of the server...
CVE-2020-8135
The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...
CVE-2020-8135
The uppy npm package 1.9.3 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems...
CVE-2020-8135
CVE-2020-8135 affects the uppy npm package prior to 1.9.3, where the SSRF flaw exists in the server-side handling. The root cause is the get route passing a user-controlled req.body.url to a GET request without sanitization, enabling an attacker to cause local or external network interactions. Af...