| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | low |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |

Description

Passing unvalidated user input directly to Playwright’s goto() method can let attackers control which URLs are accessed. This exposes your application to unintended or malicious requests initiated by your server.

Impact

If exploited, an attacker could force your server to make requests to internal services or external sites, leading to data exposure, unauthorized actions, or use of your infrastructure in further attacks. This can compromise sensitive information and internal network security.
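One way to put validation in front of the `goto()` call described above. This is an added example, not code from the rule or from Playwright; `ALLOWED_HOSTS`, `validateTargetUrl`, `isAllowed` and `safeGoto` are hypothetical names, and the allowlisted hosts are constructed sample values.

```javascript
// Assumption: the application only ever needs to render pages from these hosts.
const ALLOWED_HOSTS = new Set(['example.com', 'docs.example.com']);

// Returns the normalized URL string when the target is acceptable, otherwise throws.
function validateTargetUrl(raw, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(String(raw)); // rejects relative and malformed input
  } catch {
    throw new Error('not an absolute URL');
  }
  // Only web schemes: blocks file:, data:, javascript:, chrome: and similar.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    throw new Error(`scheme not allowed: ${url.protocol}`);
  }
  // "https://example.com@other.host/" puts the trusted name in the userinfo part.
  if (url.username || url.password) {
    throw new Error('credentials in URL not allowed');
  }
  // URL parsing lowercases the host, so an exact match against the set is enough.
  if (!allowedHosts.has(url.hostname)) {
    throw new Error(`host not allowed: ${url.hostname}`);
  }
  return url.href;
}

// Boolean form of the same check, convenient for logging or pre-filtering.
function isAllowed(raw, allowedHosts = ALLOWED_HOSTS) {
  try {
    validateTargetUrl(raw, allowedHosts);
    return true;
  } catch {
    return false;
  }
}

// Flagged pattern:  await page.goto(req.query.url);
// Hardened form: the Playwright page only receives a URL that passed validation.
async function safeGoto(page, raw, allowedHosts = ALLOWED_HOSTS) {
  const target = validateTargetUrl(raw, allowedHosts);
  return page.goto(target);
}
```

The check covers only the URL handed to `goto()`. An allowlisted host can still redirect elsewhere, so pair it with egress restrictions on the machine running the browser.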