@uppy/companion@2.12.3 vulnerabilities

OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:

Direct Vulnerabilities

Known vulnerabilities in the @uppy/companion package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability: Information Exposure
Severity: M (medium)

@uppy/companion is the server-side integration for the Uppy file uploader.

Affected versions of this package are vulnerable to Information Exposure via a debug flag that is set to true by default. With that flag on, a user with URL upload access could enumerate the Companion server's internal network, send files served by local web servers to the upload destination, and then download them, provided each file has a guessable, regular name.

How to fix Information Exposure?

Upgrade @uppy/companion to version 3.3.1 or higher. Until the upgrade is in place, do not run production Companion instances with the debug flag enabled, since it is the default-on flag that exposes the behaviour described above.

Vulnerable versions: <3.3.1