AIKIDO-2024-10443
uppy is vulnerable to Cross-Site Request Forgery (CSRF)
30
Low
uppy js
AIKIDO-2024-10443: uppy is vulnerable to Cross-Site Request Forgery (CSRF) in versions 0.27.0 - 4.6.0.
Cross-Site Request Forgery (CSRF)
Vuln in 0.27.0 - 4.6.0
Fixed in 4.7.0
No CVE available
TL;DR
Affected versions of the package are not explicitly protected against cross-site request forgery attacks in the grant config (OAuth2).
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade uppy library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US