Server-Side Request Forgery (SSRF)
| Property | |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |
Description
The application uses user-supplied input (like params, cookies, or request headers) to build HTTP requests without validation. This allows attackers to control the destination or content of outbound requests from your server.
Impact
An attacker could trick your server into making unintended requests to internal or external systems, potentially exposing sensitive data, reaching internal resources, or turning the server into a proxy for malicious activity. This can lead to data breaches, unauthorized access, or service misuse.