CWE-918
Server-Side Request Forgery (SSRF)
Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-664
CVEs mapped to this weakness (1,583)
page 76 of 80

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23206 | | — | 0.00 | — | 0.02 | | Feb 6, 2022 | In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. |
| CVE-2022-0339 | | — | 0.00 | — | 0.01 | | Jan 30, 2022 | Server-Side Request Forgery (SSRF) in Pypi calibreweb prior to 0.6.16. |
| CVE-2022-21697 | | — | 0.00 | — | 0.01 | | Jan 25, 2022 | Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is… |
| CVE-2021-23664 | | — | 0.00 | — | 0.01 | | Jan 21, 2022 | The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. |
| CVE-2021-45394 | | — | 0.00 | — | 0.02 | | Jan 18, 2022 | An issue was discovered in Spipu HTML2PDF before 5.2.4. Attackers can trigger deserialization of arbitrary data via the injection of a malicious tag in the converted HTML document. |
| CVE-2021-27738 | | — | 0.00 | — | 0.03 | | Jan 6, 2022 | All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming… |
| CVE-2022-0086 | | — | 0.00 | — | 0.01 | | Jan 4, 2022 | uppy is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2021-4075 | | — | 0.00 | — | 0.01 | | Dec 6, 2021 | snipe-it is vulnerable to Server-Side Request Forgery (SSRF). |
| CVE-2021-23718 | | — | 0.00 | — | 0.02 | | Nov 22, 2021 | The package ssrf-agent before 1.0.5 is vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate whether the requested IP is private. |
| CVE-2021-22970 | | — | 0.00 | — | 0.01 | | Nov 19, 2021 | Concrete CMS (formerly concrete5) versions 8.5.6 and below and version 9.0.0 allow local IP importing, causing the system to be vulnerable to SSRF attacks on the private LAN servers by reading files from the local LAN. An attacker can pivot in the private LAN and exploit local… |
| CVE-2021-25972 | | — | 0.00 | — | 0.01 | | Oct 20, 2021 | Camaleon CMS versions 2.1.2.0 to 2.6.0 are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing localhost or other internal servers. This… |
| CVE-2021-22958 | | — | 0.00 | — | 0.01 | | Oct 7, 2021 | A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost, allowing interaction with local services. Impact can vary depending on services exposed. CVSSv2.0… |
| CVE-2021-41084 | | — | 0.00 | — | 0.01 | | Sep 21, 2021 | http4s is an open source Scala interface for HTTP. In affected versions http4s is vulnerable to response-splitting or request-splitting attacks when untrusted user input is used to create any of the following fields: Header names (`Header.name`), Header values… |
| CVE-2020-21122 | | — | 0.00 | — | 0.01 | | Sep 15, 2021 | UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports. |
| CVE-2021-36043 | | — | 0.00 | — | 0.02 | | Sep 1, 2021 | Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a blind SSRF vulnerability in the bundled dotmailer extension. An attacker with admin privileges could abuse this to achieve remote code execution should Redis be… |
| CVE-2021-39150 | | — | 0.00 | — | 0.03 | | Aug 23, 2021 | XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime… |
| CVE-2021-37711 | | — | 0.00 | — | 0.01 | | Aug 16, 2021 | Versions prior to 6.4.3.1 contain an authenticated server-side request forgery vulnerability in file upload via URL. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. |
| CVE-2021-33571 | | — | 0.00 | — | 0.03 | | Jun 8, 2021 | In Django 2.2 before 2.2.24, 3.x before 3.1.12, and 3.2 before 3.2.4, URLValidator, validate_ipv4_address, and validate_ipv46_address do not prohibit leading zero characters in octal literals. This may allow a bypass of access control that is based on IP addresses.… |
| CVE-2021-25640 | | — | 0.00 | — | 0.02 | | May 31, 2021 | In Apache Dubbo prior to 2.6.9 and 2.7.9, the usage of the parseURL method will lead to the bypass of the white host check, which can cause an open redirect or SSRF vulnerability. |
| CVE-2021-30108 | | — | 0.00 | — | 0.01 | | May 24, 2021 | Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any URL, the server can make a request to it. |