CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4652 vulnerabilities reference this CWE, most recent first.
GHSA-Q64H-5888-4MVG
Vulnerability from github – Published: 2022-05-17 03:30 – Updated: 2022-05-17 03:30In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
{
"affected": [],
"aliases": [
"CVE-2016-9752"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2016-12-01T11:59:00Z",
"severity": "HIGH"
},
"details": "In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.",
"id": "GHSA-q64h-5888-4mvg",
"modified": "2022-05-17T03:30:26Z",
"published": "2022-05-17T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9752"
},
{
"type": "WEB",
"url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
},
{
"type": "WEB",
"url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94622"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q676-GQF4-QC58
Vulnerability from github – Published: 2022-05-17 03:01 – Updated: 2025-04-20 03:32The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
{
"affected": [],
"aliases": [
"CVE-2016-9417"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-31T22:59:00Z",
"severity": "HIGH"
},
"details": "The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.",
"id": "GHSA-q676-gqf4-qc58",
"modified": "2025-04-20T03:32:07Z",
"published": "2022-05-17T03:01:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9417"
},
{
"type": "WEB",
"url": "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/10/8"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/11/18/1"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94396"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6FH-VC2V-H383
Vulnerability from github – Published: 2024-05-23 06:30 – Updated: 2024-07-03 18:43The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack
{
"affected": [],
"aliases": [
"CVE-2024-4399"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-05-23T06:15:11Z",
"severity": "CRITICAL"
},
"details": "The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack",
"id": "GHSA-q6fh-vc2v-h383",
"modified": "2024-07-03T18:43:25Z",
"published": "2024-05-23T06:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4399"
},
{
"type": "WEB",
"url": "https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6H7-4QGW-2J9P
Vulnerability from github – Published: 2022-04-20 00:00 – Updated: 2022-12-27 00:58A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.17"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "1.10.0"
},
{
"fixed": "1.10.10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/hashicorp/consul"
},
"ranges": [
{
"events": [
{
"introduced": "1.11.0"
},
{
"fixed": "1.11.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-29153"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-04-28T21:13:56Z",
"nvd_published_at": "2022-04-19T16:17:00Z",
"severity": "HIGH"
},
"details": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.",
"id": "GHSA-q6h7-4qgw-2j9p",
"modified": "2022-12-27T00:58:20Z",
"published": "2022-04-20T00:00:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29153"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery"
},
{
"type": "WEB",
"url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393"
},
{
"type": "PACKAGE",
"url": "https://github.com/hashicorp/consul"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202208-09"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20220602-0005"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector"
}
GHSA-Q6VQ-GMHJ-JJ3V
Vulnerability from github – Published: 2022-11-09 12:00 – Updated: 2022-11-09 19:02Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.
{
"affected": [],
"aliases": [
"CVE-2022-42494"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-08T19:15:00Z",
"severity": "MODERATE"
},
"details": "Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin \u003c= 4.2.5.1 on WordPress.",
"id": "GHSA-q6vq-gmhj-jj3v",
"modified": "2022-11-09T19:02:26Z",
"published": "2022-11-09T12:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42494"
},
{
"type": "WEB",
"url": "https://aioseo.com/changelog"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack-pro/wordpress-all-in-one-seo-pro-plugin-4-2-5-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q6WR-6G7V-9PXW
Vulnerability from github – Published: 2025-09-08 18:31 – Updated: 2025-09-08 18:31A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.
{
"affected": [],
"aliases": [
"CVE-2025-10096"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-08T16:15:35Z",
"severity": "MODERATE"
},
"details": "A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.",
"id": "GHSA-q6wr-6g7v-9pxw",
"modified": "2025-09-08T18:31:40Z",
"published": "2025-09-08T18:31:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10096"
},
{
"type": "WEB",
"url": "https://github.com/simstudioai/sim/issues/960"
},
{
"type": "WEB",
"url": "https://github.com/simstudioai/sim/pull/1149"
},
{
"type": "WEB",
"url": "https://github.com/simstudioai/sim/commit/3424a338b763115f0269b209e777608e4cd31785"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.323057"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.323057"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.644953"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q74F-RF27-8HXC
Vulnerability from github – Published: 2023-10-31 00:31 – Updated: 2023-11-06 16:34An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.opencrx:opencrx-client"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-46502"
],
"database_specific": {
"cwe_ids": [
"CWE-611",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2023-11-01T17:14:19Z",
"nvd_published_at": "2023-10-30T23:15:08Z",
"severity": "CRITICAL"
},
"details": "An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.",
"id": "GHSA-q74f-rf27-8hxc",
"modified": "2023-11-06T16:34:04Z",
"published": "2023-10-31T00:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46502"
},
{
"type": "WEB",
"url": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399"
},
{
"type": "WEB",
"url": "https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e"
},
{
"type": "PACKAGE",
"url": "https://github.com/opencrx/opencrx"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "OpenCRX allows a remote attacker to execute arbitrary code via a crafted request"
}
GHSA-Q7F8-FR48-QW7G
Vulnerability from github – Published: 2022-03-29 00:01 – Updated: 2022-04-05 00:00A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.
{
"affected": [],
"aliases": [
"CVE-2022-0249"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-28T19:15:00Z",
"severity": "CRITICAL"
},
"details": "A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.",
"id": "GHSA-q7f8-fr48-qw7g",
"modified": "2022-04-05T00:00:48Z",
"published": "2022-03-29T00:01:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0249"
},
{
"type": "WEB",
"url": "https://hackerone.com/reports/579934"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0249.json"
},
{
"type": "WEB",
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/29395"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q7GX-M2G7-JWX9
Vulnerability from github – Published: 2022-05-17 00:01 – Updated: 2022-05-26 00:01SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses
{
"affected": [],
"aliases": [
"CVE-2022-1722"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-16T15:15:00Z",
"severity": "LOW"
},
"details": "SSRF in editor\u0027s proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses",
"id": "GHSA-q7gx-m2g7-jwx9",
"modified": "2022-05-26T00:01:25Z",
"published": "2022-05-17T00:01:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1722"
},
{
"type": "WEB",
"url": "https://github.com/jgraph/drawio/commit/cf5c78aa0f3127fb10053db55b39f3017a0654ae"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/c903d563-ba97-44e9-b421-22bfab1e0cbd"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q7MC-FC87-V7W7
Vulnerability from github – Published: 2023-08-04 18:30 – Updated: 2023-08-08 22:37OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.openrefine:main"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.6.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-41401"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2023-08-04T21:25:42Z",
"nvd_published_at": "2023-08-04T17:15:09Z",
"severity": "MODERATE"
},
"details": "OpenRefine \u003c= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.",
"id": "GHSA-q7mc-fc87-v7w7",
"modified": "2023-08-08T22:37:00Z",
"published": "2023-08-04T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41401"
},
{
"type": "WEB",
"url": "https://github.com/OpenRefine/OpenRefine/commit/8cb2fec45dd90fda8ed9608c691f6bb8ed721cd2"
},
{
"type": "PACKAGE",
"url": "https://github.com/OpenRefine/OpenRefine"
},
{
"type": "WEB",
"url": "https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180"
},
{
"type": "WEB",
"url": "https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103"
},
{
"type": "WEB",
"url": "https://github.com/ixSly/CVE-2022-41401"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "OpenRefine Server-Side Request Forgery vulnerability"
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.