The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
7.5CVSS
7.3AI Score
0.004EPSS
9.8CVSS
9.4AI Score
0.003EPSS
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.
7.5CVSS
7.5AI Score
0.001EPSS