Identifier

CVE-2020-8205

Package Slug

npm/uppy

Vulnerability

Server-Side Request Forgery (SSRF)

Description

The uppy npm package is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to scan local or external networks or otherwise interact with internal systems.

Affected Versions

All versions before 1.13.2, version 2.0.0

Solution

Upgrade to version 1.13.2, 2.0.0-alpha.5 or above. Note: 2.0.0-alpha.5 may be an unstable version. Use caution.

Last Modified

2020-07-24
