PT-2020-20024 · Uppy · @Uppy/Companion

Mahmoud0X00

Published

2020-07-20

Updated

2020-08-13

CVE-2020-8205

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions @uppy/companion versions prior to 1.13.2 @uppy/companion versions prior to 2.0.0-alpha.5

Description The issue allows an attacker to perform a Server-Side Request Forgery (SSRF) attack, enabling them to scan local or external networks or interact with internal systems. This can lead to unauthorized access and potential data breaches.

Recommendations For versions prior to 1.13.2, update to version 1.13.2 or later. For versions prior to 2.0.0-alpha.5, update to version 2.0.0-alpha.5 or later.

Exploit

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2020-8205

GHSA-9M4X-8W29-R78G

Affected Products

@Uppy/Companion

PT-2020-20024 · Uppy · @Uppy/Companion

CVE-2020-8205

Weakness Enumeration

Related Identifiers

Affected Products

References · 6