Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
The code uses unvalidated input from HTTP request data (such as query parameters or form fields) to build new outgoing requests with the `requests` library. Because the destination of the server-side request is attacker-controlled, the application is exposed to SSRF.
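The flagged pattern next to a hardened version, as an added example that is not part of the original rule page: the destination is checked against a host allowlist before `requests` is called, and redirects are disabled so a permitted host cannot bounce the request elsewhere. The `ALLOWED_HOSTS` entries, the `target` parameter and the sample URLs are assumptions.

```python
"""Added example (not from the original page): SSRF-prone fetch vs. an
allowlist-validated fetch. ALLOWED_HOSTS and the sample URLs are assumed."""
from urllib.parse import urlparse

try:
    import requests
except ImportError:  # the validation helpers below work without the library
    requests = None

# Assumption: only these hosts are legitimate destinations for this feature.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}


def fetch_unsafe(target: str):
    """Flagged pattern: the request destination comes straight from input."""
    return requests.get(target, timeout=5)


def validate_destination(target: str) -> str:
    """Return target unchanged if scheme and host are acceptable, else raise.

    The hostname is taken from urlparse, so 'https://api.example.com@evil.example/'
    resolves to host 'evil.example' and is rejected, not matched on its prefix.
    """
    parsed = urlparse(target)
    if parsed.scheme not in ("http", "https"):
        raise ValueError("only http(s) destinations are allowed")
    host = parsed.hostname
    if host is None or host.lower() not in ALLOWED_HOSTS:
        raise ValueError(f"destination host not in allowlist: {host!r}")
    if parsed.username or parsed.password:
        raise ValueError("credentials embedded in the URL are not allowed")
    return target


def is_allowed_destination(target: str) -> bool:
    """Boolean wrapper around validate_destination for checks and logging."""
    try:
        validate_destination(target)
        return True
    except ValueError:
        return False


def fetch_safe(target: str):
    """Hardened version: validate first, and do not follow redirects, since a
    permitted host could otherwise redirect the server to an internal address."""
    url = validate_destination(target)
    return requests.get(url, timeout=5, allow_redirects=False)
```

Host allowlisting stops the request before DNS resolution, so it also covers hostnames that resolve to internal addresses; if the allowlist must include user-supplied hosts, resolve and reject private ranges as an extra step.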
Impact
If exploited, attackers could make your server access internal or external systems, potentially bypassing firewalls, exposing sensitive data, or enabling further attacks. This can compromise internal infrastructure, leak data, or be used as a pivot point for more severe intrusions.