CVE-2022-0528
MEDIUM
transloadit uppy < 3.3.1 - Server-Side Request Forgery
Title source: llm
Description
Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.
References (2)
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://huntr.dev/bounties/8b060cc3-2420-468e-8293-b9216620175b
Patch, Third Party Advisory x_refsource_misc
https://github.com/transloadit/uppy/commit/267c34045a1e62c98406d8c31261c604a11e544a
Scores
CVSS v3
6.5
EPSS
0.0096
EPSS Percentile
57.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Details
CWE
CWE-918
Status
published
Products (2)
transloadit/uppy
< 3.3.1
uppy/companion
0 - 3.3.1 (npm)
Published
Mar 03, 2022
Tracked Since
Feb 18, 2026