Server-Side Request Forgery (SSRF)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
Description
User-supplied data from a web request is used directly to build the URL for an outgoing server-side HTTP request. This lets an attacker control where your server connects, which is unsafe unless the destination is properly validated.
Impact
If exploited, an attacker could make your server send requests to internal services or arbitrary external sites, potentially exposing sensitive data, enabling attacks on internal infrastructure, or using your server as a proxy for further attacks. This can lead to data breaches, service disruptions, or unauthorized access to internal resources.
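The pattern from the Description next to a validated form, as an added example that is not part of the original rule page or any project's code. The allowlisted host `api.example.com`, the function names and the injectable `resolver` parameter are assumptions made for illustration.

```python
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

# Assumption: the only upstream hosts this application needs to reach.
ALLOWED_HOSTS = {"api.example.com"}


def resolve_host(host):
    """Return every IP address the host name currently resolves to."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_outbound_url(url, resolver=resolve_host):
    """True only for http(s) URLs to an allowlisted host with public addresses."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased; ignores any user:pass@ prefix
    except ValueError:
        return False
    if parts.scheme not in ("http", "https"):
        return False
    if host is None or host not in ALLOWED_HOSTS:
        return False
    try:
        addresses = resolver(host)
    except OSError:
        return False
    # Reject if any resolved address is loopback, private, link-local, etc.
    return bool(addresses) and all(
        ipaddress.ip_address(a.split("%")[0]).is_global for a in addresses
    )


def fetch_unvalidated(url):
    # The flagged pattern: request data goes straight into the outgoing call.
    return urllib.request.urlopen(url, timeout=5).read()


def fetch_validated(url):
    # Hardened form: refuse anything the check above does not accept.
    if not is_safe_outbound_url(url):
        raise ValueError("outbound URL rejected")
    return urllib.request.urlopen(url, timeout=5).read()
```

`urlopen` follows redirects and resolves the host name again at connect time, so a production client should also disable or re-validate redirects and connect to the address that was checked.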