| Property | Value |
| --- | --- |
| Language | javascript |
| Severity | low |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Medium |
| Likelihood Level | Low |

Description

User-provided input is being passed directly to Axios for making HTTP requests without validation. This allows attackers to control the destination of server-side requests, potentially accessing internal or sensitive resources.

Impact

If exploited, an attacker could make your server send requests to internal services, cloud metadata endpoints, or restricted APIs, possibly exposing sensitive data, internal network structure, or credentials. This can lead to data breaches, unauthorized actions, or further compromise of your infrastructure.
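The flagged pattern next to a validated form, as an added example that is not part of the original rule page. `ALLOWED_HOSTS`, `checkOutboundUrl`, `fetchForUser` and the host names are assumptions made for illustration; `httpClient` is injected so the block runs without Axios installed.

```javascript
// Added example. ALLOWED_HOSTS and both function names are assumptions.
const ALLOWED_HOSTS = new Set(['api.example.com', 'images.example.com']);

// Returns { ok: true, url } or { ok: false, reason } for a user-supplied URL string.
function checkOutboundUrl(input) {
  let url;
  try {
    url = new URL(String(input));
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') return { ok: false, reason: 'scheme' };
  // "https://api.example.com@10.0.0.5/" parses with host 10.0.0.5, so refuse userinfo.
  if (url.username || url.password) return { ok: false, reason: 'credentials' };
  // The URL parser normalises IPv4 hosts to dotted-quad form and keeps IPv6 in brackets.
  const host = url.hostname;
  if (/^\d+\.\d+\.\d+\.\d+$/.test(host) || host.startsWith('[')) {
    return { ok: false, reason: 'ip-literal' };
  }
  if (!ALLOWED_HOSTS.has(host)) return { ok: false, reason: 'host-not-allowed' };
  if (url.port !== '') return { ok: false, reason: 'port' };
  return { ok: true, url };
}

// Pattern the rule flags:  axios.get(req.query.url)
// Hardened form: validate first, then request the parsed URL, never the raw string.
function fetchForUser(httpClient, input) {
  const verdict = checkOutboundUrl(input);
  if (!verdict.ok) throw new Error(`blocked outbound request: ${verdict.reason}`);
  // maxRedirects: 0 stops an allowed host from redirecting the request elsewhere.
  return httpClient.get(verdict.url.href, { maxRedirects: 0, timeout: 5000 });
}
```

Pass the real Axios instance as `httpClient`. A hostname allowlist does not cover an allowed name whose DNS record points at an internal address, so keep network-level egress controls in place as well.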