Server-Side Request Forgery (SSRF)
| Property | |
|---|---|
| Language |  |
| Severity |  |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description#
User input is being used directly to construct the host part of a URL for outgoing requests. This means attackers can control where your server sends requests, which is unsafe.
Impact#
An attacker could make your server send requests to malicious or internal systems, potentially leaking sensitive data (like cookies or credentials) or accessing resources that should be protected. This could result in data breaches, unauthorized access, or your server being used in further attacks.