High severityNVD Advisory· Published Jul 20, 2020· Updated Aug 4, 2024
CVE-2020-8205
CVE-2020-8205
Description
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@uppy/companionnpm | < 1.13.2 | 1.13.2 |
@uppy/companionnpm | >= 2.0.0-alpha.0, < 2.0.0-alpha.5 | 2.0.0-alpha.5 |
Affected products
2- Range: Fixed Versions: 1.13.2, 2.0.0-alpha.5
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-9m4x-8w29-r78gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8205ghsaADVISORY
- github.com/transloadit/uppy/blob/master/CHANGELOG.mdghsaWEB
- github.com/transloadit/uppy/pull/2322/commits/dbf2f4f30aeaf3bcc5971bb867bb0b5984084828ghsaWEB
- hackerone.com/reports/891270ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.