Lucene search
Veracode Vulnerability DatabaseVERACODE:22624HistoryMar 03, 2020 - 5:40 a.m.
Server-Side Request Forgery (SSRF)
2020-03-0305:40:36
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
0.003 Low
EPSS
Percentile
68.3%
uppy is vulnerable to server-side request forgery. The /get route calls a downloadURL without validating the url parameter, allowing an attacker to perform HTTP requests in the context of the server. This can result in the extracting of information from any internal resource.
| CPE | Name | Operator | Version |
|---|---|---|---|
| uppy | le | 1.7.0 | |
| uppy | le | 1.9.2 | |
| uppy | le | [email protected] | |
| @uppy/companion | le | 1.9.2 |
References
github.com/transloadit/uppy/blob/a88d564962a44959236206e8ea689d8d91a05279/CHANGELOG.md#193
github.com/transloadit/uppy/pull/2083
hackerone.com/reports/786956
sca.analysiscenter.veracode.com/vulnerability-database/security/server-side-request-forgery-ssrf-/javascript/sid-22624
www.npmjs.com/advisories/1501
Related
hackerone
hackerone
Node.js third-party modules: Server Side Request Forgery in Uppy npm module
2020-01-31 16:31:11
osv
osv
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19
CVE-2020-8135
2020-03-20 19:15:12
cvelist
cvelist
CVE-2020-8135
2020-03-20 18:26:32
cve
cve
CVE-2020-8135
2020-03-20 19:15:12
nodejs
nodejs
Server-Side Request Forgery
2020-03-26 19:35:50
attackerkb
attackerkb
CVE-2020-8135
2020-03-20 00:00:00
prion
prion
Server side request forgery (ssrf)
2020-03-20 19:15:00
nvd
nvd
CVE-2020-8135
2020-03-20 19:15:12
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Uppy
2020-12-01 09:45:48
github
github
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-06-29 02:56:26