Uppy npm Package < 1.9.3 SSRF Vulnerability: Unauthorized Network Scanning and System Interaction

Uppy npm Package < 1.9.3 SSRF Vulnerability: Unauthorized Network Scanning and System Interaction

CVE-2020-8135 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.

Learn more about our Cis Benchmark Audit For Server Software.