Property
Language: scala
Severity: medium
CWE: CWE-918: Server-Side Request Forgery (SSRF)
OWASP: A10:2021 - Server-Side Request Forgery (SSRF)
Confidence Level: Low
Impact Level: High
Likelihood Level: Low

Description

Passing user-controlled or unvalidated parameters directly into the scalaj-http ‘Http’ method can let attackers make the server send requests to arbitrary URLs. This exposes the application to Server-Side Request Forgery (SSRF) risks.

Impact

If exploited, an attacker could use your server to access internal services, sensitive data, or external systems, potentially bypassing network protections. This could lead to data leaks, exposure of internal infrastructure, or be used as a stepping stone for further attacks.
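The pattern from the description next to a hardened form, as an added example that is not part of the original rule page or of scalaj-http. The object name, the allowlisted hosts and the sample inputs are assumptions made for illustration.

```scala
import java.net.{InetAddress, URI}
import scala.util.Try
import scalaj.http.{Http, HttpOptions, HttpResponse}

object PreviewFetcher { // hypothetical name
  // Assumption: the only upstream hosts this feature legitimately needs.
  private val allowedHosts = Set("api.example.com", "cdn.example.com")

  // Flagged pattern: the caller-supplied string reaches Http() unchanged.
  def fetchUnsafe(userUrl: String): HttpResponse[String] =
    Http(userUrl).asString

  // Covers IPv4 loopback, RFC 1918, link-local and wildcard addresses.
  // IPv6 unique-local (fc00::/7) is not covered by these JDK predicates.
  private def isInternal(a: InetAddress): Boolean =
    a.isLoopbackAddress || a.isSiteLocalAddress ||
      a.isLinkLocalAddress || a.isAnyLocalAddress

  // Parse once, then check scheme, userinfo, host allowlist and resolved addresses.
  def validate(userUrl: String): Either[String, URI] =
    for {
      uri   <- Try(new URI(userUrl)).toEither.left.map(_ => "malformed URL")
      _     <- Either.cond("https".equalsIgnoreCase(uri.getScheme), (), "scheme must be https")
      _     <- Either.cond(uri.getUserInfo == null, (), "userinfo not allowed")
      host  <- Option(uri.getHost).map(_.toLowerCase).toRight("missing host")
      _     <- Either.cond(allowedHosts.contains(host), (), s"host not allowed: $host")
      addrs <- Try(InetAddress.getAllByName(host).toList).toEither
                 .left.map(_ => "DNS resolution failed")
      _     <- Either.cond(!addrs.exists(isInternal), (), "resolves to an internal address")
    } yield uri

  def fetchSafe(userUrl: String): Either[String, HttpResponse[String]] =
    validate(userUrl).map { uri =>
      Http(uri.toString)
        .option(HttpOptions.followRedirects(false)) // a redirect must not sidestep the checks
        .timeout(2000, 5000)                        // connect / read timeouts in ms
        .asString
    }

  def main(args: Array[String]): Unit = {
    // Constructed inputs; each is rejected before any DNS lookup or request.
    val samples = Seq("file:///etc/hosts", "https://localhost/admin",
                      "https://user@api.example.com/", "https://other.example.net/x")
    samples.foreach(s => println(s"$s -> ${validate(s)}"))
  }
}
```

The host allowlist is the primary control; the resolved-address check is defence in depth, and because scalaj-http resolves the name again when it connects, egress filtering at the network layer is still needed against DNS changes between check and use.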