VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base | Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 14 of 80
  • CVE-2022-43183 | High | Nov 17, 2022
    risk 0.50 | cvss 8.8 | epss 0.02

    XXL-Job before v2.3.1 contains a Server-Side Request Forgery (SSRF) via the component /admin/controller/JobLogController.java.

  • CVE-2021-40822 | High | May 2, 2022
    risk 0.50 | cvss 7.5 | epss 0.19

    GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host.

  • CVE-2021-45394 | High | Jan 18, 2022
    risk 0.50 | cvss 8.8 | epss 0.02

    An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document.

  • CVE-2021-41084 | High | Sep 21, 2021
    risk 0.50 | cvss 8.7 | epss 0.01

    http4s is an open source scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values…

  • CVE-2021-37711 | High | Aug 16, 2021
    risk 0.50 | cvss 8.8 | epss 0.01

    Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.

  • CVE-2017-3164 | High | Mar 8, 2019
    risk 0.50 | cvss 7.5 | epss 0.19

    Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the server could make Solr perform an HTTP GET request to any reachable URL.

  • CVE-2015-7570 | High | Apr 24, 2017
    risk 0.50 | cvss 7.2 | epss 0.06

    Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.ph…

  • CVE-2017-7566 | High | Apr 6, 2017
    risk 0.50 | cvss 7.7 | epss 0.02

    MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection mechanism.

  • CVE-2016-4374 | High | Aug 8, 2016
    risk 0.50 | cvss 7.7 | epss 0.02

    HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.

  • CVE-2026-45012 | High | Jun 12, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 contain an authenticated server-side request forgery (SSRF) in the rich-text widget import flow. An authenticated user who can submit/edit rich-text widget content can cause…

  • CVE-2026-44492 | High | Jun 11, 2026
    risk 0.49 | cvss 8.6 | epss 0.01

    Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6 addresses. When NO_PROXY lists an IPv4 address such as 127.0.0.1 or 169.254.169.254, a request URL using the IPv4-mapped IPv6 form…

  • CVE-2026-50131 | High | Jun 10, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Fedify is a TypeScript library for building federated server apps powered by ActivityPub. Fedify previously addressed SSRF/internal network access in GHSA-p9cg-vqcc-grcx by adding public URL validation before runtime document and media fetching. However, the IPv4 validation…

  • CVE-2026-20252 | High | Jun 10, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    In Splunk Enterprise versions below 10.2.4, 10.0.7, 9.4.12, and 9.3.13, and Splunk Cloud Platform versions below 10.4.2604.3, 10.3.2512.12, 10.2.2510.14, 10.1.2507.22, and 9.3.2411.132, a low-privileged user that does not hold the "admin" or "power" Splunk roles could send…

  • CVE-2026-49372 | High | May 29, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    In JetBrains TeamCity before 2026.1 and 2025.11.5, unauthenticated SSRF via build status was possible.

  • CVE-2026-45082 | High | May 26, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified in versions prior to 0.32.0 affecting redirect-following processing components. Although the application implements protections intended to…

  • CVE-2026-47358 | High | May 19, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via external URL resolution in uploaded IaC templates when running in server mode. When Terrascan parses uploaded ARM templates or CloudFormation templates, it resolves external URLs referenced…

  • CVE-2026-47357 | High | May 19, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the remote_url parameter in the remote directory scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/remote/dir/scan) when running in server mode. An unauthenticated remote attacker can supply an…

  • CVE-2026-47356 | High | May 19, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary…

  • CVE-2026-31910 | High | May 19, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are recommended to upgrade to version 24.09.06, which fixes the issue.

  • CVE-2026-42595 | High | May 14, 2026
    risk 0.49 | cvss 8.6 | epss 0.00

    Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.32.0, Gotenberg's Chromium URL-to-PDF endpoint (/forms/chromium/convert/url) has no default protection against HTTP/HTTPS-based SSRF. The default deny-list regex only blocks file:// URIs. An unauthenticated…