CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 12 of 80

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-25534 | | Cri | 0.52 | 9.1 | 0.00 | | Mar 17, 2026 | Impact: Spinnaker updated URL Validation logic on user input to provide sanitation on user inputted URLs for clouddriver. However, they missed that Java URL objects do not correctly handle underscores on parsing. This led to a bypass of the previous CVE (CVE-2025-61916)… |
| CVE-2025-53371 | | Cri | 0.52 | 9.1 | 0.00 | | Jul 10, 2025 | DiscordNotifications is an extension for MediaWiki that sends notifications of actions in your Wiki to a Discord channel. DiscordNotifications allows sending requests via curl and file_get_contents to arbitrary URLs set via $wgDiscordIncomingWebhookUrl and… |
| CVE-2024-29415 | | Hig | 0.52 | 8.1 | 0.08 | | May 27, 2024 | The ip package through 2.0.1 for Node.js might allow SSRF because some IP addresses (such as 127.1, 01200034567, 012.1.2.3, 000:0:0000::01, and ::fFFf:127.0.0.1) are improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix… |
| CVE-2024-25738 | | Cri | 0.52 | 9.1 | 0.01 | | May 22, 2024 | A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code… |
| CVE-2024-31461 | | Cri | 0.52 | 9.1 | 0.01 | | Apr 10, 2024 | Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to… |
| CVE-2024-27620 | — | Hig | 0.52 | 7.5 | 0.03 | | Apr 6, 2024 | An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API. |
| CVE-2024-22205 | | Cri | 0.52 | 9.1 | 0.01 | | Jan 23, 2024 | Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py`, which leads… |
| CVE-2024-22203 | | Cri | 0.52 | 9.1 | 0.01 | | Jan 23, 2024 | Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in… |
| CVE-2023-48240 | | Cri | 0.52 | 9.0 | 0.01 | | Nov 20, 2023 | XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for… |
| CVE-2023-27159 | — | Hig | 0.52 | 7.5 | 0.36 | | Mar 31, 2023 | Appwrite up to v1.2.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /v1/avatars/favicon. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request. |
| CVE-2022-2900 | — | Cri | 0.52 | 9.1 | 0.01 | | Sep 14, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url prior to 8.1.0. |
| CVE-2022-0768 | — | Cri | 0.52 | 9.1 | 0.02 | | Feb 28, 2022 | Server-Side Request Forgery (SSRF) in GitHub repository rudloff/alltube prior to 3.0.2. |
| CVE-2021-36043 | | Hig | 0.52 | 8.0 | 0.02 | | Sep 1, 2021 | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be… |
| CVE-2021-30108 | — | Cri | 0.52 | 9.1 | 0.01 | | May 24, 2021 | Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it. |
| CVE-2021-30492 | | Cri | 0.52 | — | 0.00 | | Apr 29, 2021 | Impact: Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF). Resolution: Validate the provided Zendesk subdomain to be a valid subdomain in: getAuthUrl, getAccessToken |
| CVE-2020-15152 | | Cri | 0.52 | 9.1 | 0.02 | | Aug 17, 2020 | ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable. ftp-srv before versions 2.19.6, 3.1.2, and 4.3.4 is vulnerable to Server-Side Request Forgery. The PORT command allows arbitrary IPs which can be used to cause the… |
| CVE-2017-1000139 | | Hig | 0.52 | 8.0 | 0.01 | | Nov 3, 2017 | Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to server-side request forgery attacks as not all processes of curl redirects are checked against a white or black list. Employing SafeCurl will prevent issues. |
| CVE-2025-64178 | — | Hig | 0.51 | — | 0.00 | | Nov 6, 2025 | Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This… |
| CVE-2025-34021 | | Hig | 0.51 | — | 0.01 | | Jun 20, 2025 | A server-side request forgery (SSRF) vulnerability exists in multiple Selea Targa IP OCR-ANPR camera models, including iZero, Targa 512, Targa 504, Targa Semplice, Targa 704 TKM, Targa 805, Targa 710 INOX, Targa 750, and Targa 704 ILB. The application fails to validate… |
| CVE-2026-44285 | | Hig | 0.50 | 7.7 | 0.00 | | May 29, 2026 | FastGPT is an AI Agent building platform. Prior to 4.15.0-beta1, a Server-Side Request Forgery (SSRF) vulnerability allows an authenticated attacker to bypass the global isInternalAddress network protection and make arbitrary HTTP GET requests to internal network services. This… |