Description
Server-Side Request Forgery in @uppy/companion
The @uppy/companion npm package before versions 1.13.2 and 2.0.0-alpha.5 is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to scan local or external networks or otherwise interact with internal systems.
Packages
Name: @uppy/companion (npm)
Affected versions: < 1.13.2
Fixed version: 1.13.2
Name: @uppy/companion (npm)
Affected versions: >= 2.0.0-alpha.0, <= 2.0.0-alpha.4
Fixed version: 2.0.0-alpha.5
Related vulnerabilities
CVSS3: 7.5
nvd
more than 5 years ago
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.