Lucene search
Veracode Vulnerability DatabaseVERACODE:33515HistoryJan 05, 2022 - 4:31 a.m.
Server-side Request Forgery (SSRF)
2022-01-0504:31:37
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.002 Low
EPSS
Percentile
57.2%
uppy is vulnerable to server-side request forgery. The vulnerability exists in the isPrivateIP function in request.js as it does not properly check IPv4-mapped IPv6 addresses when it contains a double colon in front of the IP address (example: ::ffff:7f00:2), allowing an attacker to send requests on behalf of the server into any IP address, including private and cloud IP addresses.
| CPE | Name | Operator | Version |
|---|---|---|---|
| uppy | le | 2.3.2 | |
| @uppy/companion | le | 3.1.4 | |
| uppy | le | 2.3.2 | |
| @uppy/companion | le | 3.1.4 |
Related
prion
prion
Server side request forgery (ssrf)
2022-01-04 18:15:00
cvelist
cvelist
CVE-2022-0086 Server-Side Request Forgery (SSRF) in transloadit/uppy
2022-01-04 17:15:11
github
github
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
2022-01-06 22:24:35
osv
osv
CVE-2022-0086
2022-01-04 18:15:08
uppy's companion module is vulnerable to Server-Side Request Forgery (SSRF)
2022-01-06 22:24:35
huntr
huntr
Server-Side Request Forgery (SSRF) in transloadit/uppy
2021-12-30 17:00:22
nvd
nvd
CVE-2022-0086
2022-01-04 18:15:08
cve
cve
CVE-2022-0086
2022-01-04 18:15:08