3 matches found
CVE-2022-0528
CVE-2022-0528 is a Server-Side Request Forgery (SSRF) in transloadit/uppy and @uppy/companion prior to 3.3.1. The underlying issue is an access control error that could allow an unauthorized attacker to access sensitive information from GitHub repositories and, under certain conditions, enumerate...
CVE-2020-8205
CVE-2020-8205 affects the uppy npm package prior to 1.13.2 and prior to 2.0.0-alpha.5, introducing a Server-Side Request Forgery (SSRF) vulnerability that can be used to probe local/external networks or interact with internal systems. The issue is associated with the @uppy/companion context in re...
CVE-2022-0086
CVE-2022-0086 affects uppy (transloadit/uppy) via a Server-Side Request Forgery (SSRF) vulnerability. Multiple connected advisories corroborate an SSRF in uppy, with some sources noting potential exploitation involving IPv4‑mapped IPv6 addresses (e.g., the isPrivateIP check in request.js). The Re...