Lucene search
Veracode Vulnerability DatabaseVERACODE:25774HistoryJun 29, 2020 - 2:56 a.m.
Server-Side Request Forgery (SSRF)
2020-06-2902:56:26
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.004 Low
EPSS
Percentile
74.2%
uppy is vulnerable to server-side request forgery (SSRF). The fix for CVE-2020-8135 is adequate and a bypass of the host’s IP address against a blacklist exists, allowing a remote attacker to perform HTTP requests in the context of the server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| uppy | le | 1.13.1 | |
| uppy | le | 1.16.0 | |
| uppy | le | 1.7.0 | |
| @uppy/companion | le | 2.0.0-alpha.4 | |
| @uppy/companion | le | 1.13.1 | |
| uppy | le | 1.9.3 | |
| uppy | le | [email protected] |
Related
hackerone
hackerone
osv
osv
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19
CVE-2020-8205
2020-07-20 15:15:16
CVE-2020-8135
2020-03-20 19:15:12
cvelist
cvelist
CVE-2020-8135
2020-03-20 18:26:32
CVE-2020-8205
2020-07-20 15:00:53
cve
cve
CVE-2020-8135
2020-03-20 19:15:12
CVE-2020-8205
2020-07-20 15:15:16
veracode
veracode
Server-Side Request Forgery (SSRF)
2020-03-03 05:40:36
nodejs
nodejs
Server-Side Request Forgery
2020-03-26 19:35:50
attackerkb
attackerkb
CVE-2020-8135
2020-03-20 00:00:00
prion
prion
Server side request forgery (ssrf)
2020-03-20 19:15:00
Server side request forgery (ssrf)
2020-07-20 15:15:00
nvd
nvd
CVE-2020-8135
2020-03-20 19:15:12
CVE-2020-8205
2020-07-20 15:15:16
githubexploit
githubexploit
Exploit for Server-Side Request Forgery in Transloadit Uppy
2020-12-01 09:45:48
Exploit for Server-Side Request Forgery in Uppy
2020-12-01 09:45:48
github
github
Server-Side Request Forgery in @uppy/companion
2020-09-03 15:51:19
Server-Side Request Forgery in @uppy/companion
2020-08-13 18:54:19