VYPR

CWE-918

Server-Side Request Forgery (SSRF)

Abstraction: Base; Status: Incomplete

Description

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-664

CVEs mapped to this weakness (1,583)

page 16 of 80
  • CVE-2025-52477 (High), Jun 26, 2025
    risk 0.49, CVSS 8.6, EPSS 0.00

    Octo-STS is a GitHub App that acts like a Security Token Service (STS) for the GitHub API. Octo-STS versions before v0.5.3 are vulnerable to unauthenticated SSRF by abusing fields in OpenID Connect tokens. Malicious tokens were shown to trigger internal network requests which…

  • CVE-2024-13957 (High), May 22, 2025
    risk 0.49, CVSS 7.6, EPSS 0.00

    SSRF (Server-Side Request Forgery) vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.

  • CVE-2024-53705 (High), Jan 9, 2025
    risk 0.49, CVSS 7.5, EPSS 0.01

    A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall.

  • CVE-2024-50714 (High), Dec 27, 2024
    risk 0.49, CVSS 7.5, EPSS 0.01

    A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component.

  • CVE-2024-55082 (High), Dec 19, 2024
    risk 0.49, CVSS 7.5, EPSS 0.00

    A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.

  • CVE-2024-9624 (High), Dec 17, 2024
    risk 0.49, CVSS 7.6, EPSS 0.00

    The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level…

  • CVE-2024-45317 (High), Oct 11, 2024
    risk 0.49, CVSS 7.5, EPSS 0.01

    A Server-Side Request Forgery (SSRF) vulnerability in SMA1000 appliance firmware versions 12.4.3-02676 and earlier allows a remote, unauthenticated attacker to cause the SMA1000 server-side application to make requests to an unintended IP address.

  • CVE-2023-41339 (High), Oct 25, 2023
    risk 0.49, CVSS 8.6, EPSS 0.01

    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the…

  • CVE-2023-41937 (High), Sep 6, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    Jenkins Bitbucket Push and Pull Request Plugin 2.4.0 through 2.8.3 (both inclusive) trusts values provided in the webhook payload, including certain URLs, and uses configured Bitbucket credentials to connect to those URLs, allowing attackers to capture Bitbucket credentials…

  • CVE-2023-26735 (High), Apr 26, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be…

  • CVE-2021-36396 (High), Mar 6, 2023
    risk 0.49, CVSS 7.5, EPSS 0.01

    In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

  • CVE-2022-40146 (High), Sep 22, 2022
    risk 0.49, CVSS 7.5, EPSS 0.06

    Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue affects Apache XML Graphics Batik 1.14.

  • CVE-2020-23622 (High), Aug 15, 2022
    risk 0.49, CVSS 7.5, EPSS 0.01

    An issue in the UPnP protocol in 4thline cling 2.0.0 through 2.1.2 allows remote attackers to cause a denial of service via an unchecked CALLBACK parameter in the request header.

  • CVE-2022-29153 (High), Apr 19, 2022
    risk 0.49, CVSS 7.5, EPSS 0.09

    HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11.4 may allow server side request forgery when the Consul client agent follows redirects returned by HTTP health check endpoints. Fixed in 1.9.17, 1.10.10, and 1.11.5.

  • CVE-2022-24789 (High), Mar 28, 2022
    risk 0.49, CVSS 7.6, EPSS 0.01

    C1 CMS is an open-source, .NET based Content Management System (CMS). Versions prior to 6.12 allow an authenticated user to exploit Server Side Request Forgery (SSRF) by causing the server to make arbitrary GET requests to other servers in the local network or on localhost. The…

  • CVE-2021-45851 (High), Mar 16, 2022
    risk 0.49, CVSS 7.5, EPSS 0.01

    A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

  • CVE-2021-23664 (High), Jan 21, 2022
    risk 0.49, CVSS 8.6, EPSS 0.01

    The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-Side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.

  • CVE-2021-22970 (High), Nov 19, 2021
    risk 0.49, CVSS 7.5, EPSS 0.01

    Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local…

  • CVE-2021-33511 (High), May 21, 2021
    risk 0.49, CVSS 7.5, EPSS 0.01

    Plone through 5.2.4 allows SSRF via the lxml parser. This affects Diazo themes, Dexterity TTW schemas, and model editors in plone.app.theming, plone.app.dexterity, and plone.supermodel.

  • CVE-2020-1925 (High), Jan 9, 2020
    risk 0.49, CVSS 7.5, EPSS 0.03

    Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class, which reads a URL from the Location header and then sends a GET or DELETE request to this URL. This may allow an SSRF attack. If an attacker tricks a client to connect to a malicious…