uppy is vulnerable to server-side request forgery (SSRF). The `/get` route calls `downloadURL` without validating the `url` parameter, allowing an attacker to make HTTP requests in the context of the server. This can result in the extraction of information from any internal resource reachable by the server.
CPE

Name | Operator | Version
---|---|---
uppy | le | 1.7.0
uppy | le | 1.9.2
uppy | le | [email protected]
@uppy/companion | le | 1.9.2
github.com/transloadit/uppy/blob/a88d564962a44959236206e8ea689d8d91a05279/CHANGELOG.md#193
github.com/transloadit/uppy/pull/2083
hackerone.com/reports/786956
sca.analysiscenter.veracode.com/vulnerability-database/security/server-side-request-forgery-ssrf-/javascript/sid-22624
www.npmjs.com/advisories/1501