AIKIDO-2024-10409

uppy is vulnerable to Overly Permissive Cross-domain Whitelist

Low

uppy js

AIKIDO-2024-10409: uppy is vulnerable to Overly Permissive Cross-domain Whitelist in versions 3.5.0 - 4.5.0.

Overly Permissive Cross-domain Whitelist

Vuln in 3.5.0 - 4.5.0

Fixed in 4.6.0

No CVE available

TL;DR

Affected versions of the package are vulnerable to overly permissive cross-domain whitelisting when the corsOrigins environment variable is set to '*'.

Who does this affect?

You're affected if you are using a version which is within vulnerability ranges.

How can it be fixed?

Upgrade uppy library to patch version.

Background info

Link to vendor website

🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium

🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US

AIKIDO-2024-10409

uppy is vulnerable to Overly Permissive Cross-domain Whitelist

uppy js

AIKIDO-2024-10409: uppy is vulnerable to Overly Permissive Cross-domain Whitelist in versions 3.5.0 - 4.5.0.

Don’t be left in the dark