Server-Side Request Forgery (SSRF)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | High |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The code constructs outgoing HTTP requests using user-supplied input as the URL host or base address. This allows attackers to control where requests are sent, creating a Server-Side Request Forgery (SSRF) risk.
Impact
If exploited, an attacker could make your server send requests to internal services or sensitive endpoints, potentially exposing private data or giving access to internal networks. This can lead to data leaks, unauthorized actions, or further attacks against your infrastructure.
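The flagged pattern beside a hardened form, as an added Python example that is not code from this rule or from any scanned project. The allowlist contents, the function names and the injectable `resolve` parameter are assumptions made for illustration.

```python
import ipaddress
import socket

# Assumed allowlist for this example; a real service defines its own.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}


def build_url_vulnerable(user_host, path="/status"):
    """The flagged pattern: user input becomes the request host unchecked."""
    return f"https://{user_host}{path}"


def _resolve(host):
    """Return every address the host currently resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


def is_public_address(addr):
    """True only for globally routable addresses (not loopback, private, link-local)."""
    ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    return ip.is_global


def build_url_hardened(user_host, path="/status", resolve=_resolve):
    """Exact-match the host against the allowlist, then check what it resolves to."""
    host = user_host.strip().lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"host not allowed: {user_host!r}")
    addrs = resolve(host)
    # An allowlisted name can still point at an internal address via DNS.
    if not addrs or not all(is_public_address(a) for a in addrs):
        raise ValueError(f"host resolves to a non-public address: {host}")
    return f"https://{host}{path}"
```

The resolution check only holds if the HTTP client then connects to the address that was validated, and if redirects are disabled or re-validated through the same function.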