High severityNVD Advisory· Published Mar 20, 2020· Updated Aug 4, 2024
CVE-2020-8135
CVE-2020-8135
Description
The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external network or otherwise interact with internal systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@uppy/companionnpm | < 1.9.3 | 1.9.3 |
Affected products
2- Range: Fixed Version: 1.9.3
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-mm7r-265w-jv6fghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8135ghsaADVISORY
- hackerone.com/reports/786956ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/1501ghsaWEB
News mentions
0No linked articles in our index yet.