Description
The uppy npm package in versions < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to scan local or external networks or otherwise interact with internal systems.
Remediation
References
https://hackerone.com/reports/891270