The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
7.5CVSS
7.3AI Score
0.004EPSS
The client in tusdotnet through 2.5.0 relies on SHA-1 to prevent spoofing of file content.
7.5CVSS
7.4AI Score
0.001EPSS
9.8CVSS
9.4AI Score
0.003EPSS
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.
7.5CVSS
7.5AI Score
0.001EPSS