Description
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
Remediation
References
https://hackerone.com/reports/891270
Related Vulnerabilities
CVE-2022-1291 Vulnerability in maven package org.webjars.bowergithub.hhurz:tableexport.jquery.plugin
CVE-2017-16185 Vulnerability in npm package uekw1511server
CVE-2020-26870 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify
CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common