@uppy/companion@1.1.0 vulnerabilities
OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:
-
latest version
5.1.4
-
latest non vulnerable version
-
first published
6 years ago
-
latest version published
11 days ago
-
licenses detected
- >=0.14.0 <4.0.1
Direct Vulnerabilities
Known vulnerabilities in the @uppy/companion package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
@uppy/companion is a server integration for Uppy file uploader. Affected versions of this package are vulnerable to Information Exposure via a debug flag that is set to true by default, a user with URL upload access could enumerate internal companion server networks, send local webservers files to the destination server, and finally download them If each of these files had a guessable and regular name. How to fix Information Exposure? Upgrade |
<3.3.1
|
@uppy/companion is a server integration for Uppy file uploader. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). The How to fix Server-side Request Forgery (SSRF)? Upgrade |
<1.9.3
|
@uppy/companion is a server integration for Uppy file uploader. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF). An attacker can create a host or file and redirect all requests which are being received to a specific internal host. How to fix Server-side Request Forgery (SSRF)? Upgrade |
<1.13.2
>=2.0.0-alpha.0 <2.0.0-alpha.5
|