Veracode Vulnerability Database, VERACODE:33515
Jan 05, 2022 - 4:31 a.m.

Server-side Request Forgery (SSRF)

sca.analysiscenter.veracode.com
Tags: ssrf, vulnerability, ipv4-mapped, request.js, cloud ip addresses

EPSS: 0.003 (percentile: 66.0%)

uppy is vulnerable to server-side request forgery (SSRF). The isPrivateIP function in request.js does not properly check IPv4-mapped IPv6 addresses that are written with a double colon in front of the IP address (example: ::ffff:7f00:2). This allows an attacker to send requests on behalf of the server to any IP address, including private and cloud IP addresses.
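
The following is an added example, not uppy's code or its fix: one way to write a private-address check that expands an IPv6 literal to its eight groups first, so every spelling of an IPv4-mapped address is judged by the IPv4 address it embeds. The function names and the blocked-range list are assumptions made for illustration.

```javascript
// Added example (not uppy's code). All function names here are hypothetical.
const net = require('net');

// IPv4 ranges refused for outbound fetches: [base, prefix length].
const V4_BLOCKED = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], // link-local, includes cloud metadata endpoints
  ['172.16.0.0', 12], ['192.168.0.0', 16],
];
const v4ToInt = (ip) => ip.split('.').reduce((n, o) => n * 256 + Number(o), 0);
function isBlockedV4(n) {
  return V4_BLOCKED.some(([base, bits]) => {
    const size = 2 ** (32 - bits);
    return Math.floor(n / size) === Math.floor(v4ToInt(base) / size);
  });
}

// Expand a validated IPv6 literal into eight 16-bit numbers.
function expandIPv6(addr) {
  let s = addr.split('%')[0]; // drop any zone id
  const m = s.match(/^(.*:)(\d+)\.(\d+)\.(\d+)\.(\d+)$/); // trailing dotted quad
  if (m) {
    const [a, b, c, d] = m.slice(2).map(Number);
    s = `${m[1]}${((a << 8) | b).toString(16)}:${((c << 8) | d).toString(16)}`;
  }
  const [head, tail] = s.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const fill = tail === undefined ? [] : Array(8 - h.length - t.length).fill('0');
  return [...h, ...fill, ...t].map((g) => parseInt(g, 16));
}

function isPrivateIPHardened(addr) {
  const family = net.isIP(addr);
  if (family === 0) return true; // not an IP literal: fail closed
  if (family === 4) return isBlockedV4(v4ToInt(addr));
  const g = expandIPv6(addr);
  // ::ffff:0:0/96 is IPv4-mapped: judge it by the embedded IPv4 address.
  if (g.slice(0, 5).every((x) => x === 0) && g[5] === 0xffff) {
    return isBlockedV4(g[6] * 65536 + g[7]);
  }
  if (g.slice(0, 7).every((x) => x === 0) && g[7] <= 1) return true; // :: and ::1
  return (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80; // ULA, link-local
}

// Constructed inputs: the advisory's example plus equivalent spellings.
for (const ip of ['::ffff:7f00:2', '::ffff:127.0.0.2', '0:0:0:0:0:ffff:7f00:2', '::ffff:808:808']) {
  console.log(ip, isPrivateIPHardened(ip));
}
```

The check covers address literals only and handles the ::ffff:0:0/96 mapping; a hostname has to be resolved first and the resolved address checked.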
