Server-Side Request Forgery (SSRF)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description#
Passing untrusted user input directly to Puppeteer’s evaluate methods allows attackers to inject malicious code that runs in the browser context. This can expose internal resources or sensitive data to unauthorized users.
Impact#
If exploited, attackers could perform Server-Side Request Forgery (SSRF), accessing internal services, making unauthorized network requests, or leaking confidential information through your backend. This could lead to data breaches or compromise of internal infrastructure.