Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4652 vulnerabilities reference this CWE, most recent first.

GHSA-Q64H-5888-4MVG

Vulnerability from github – Published: 2022-05-17 03:30 – Updated: 2022-05-17 03:30
VLAI
Details

In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-12-01T11:59:00Z",
    "severity": "HIGH"
  },
  "details": "In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.",
  "id": "GHSA-q64h-5888-4mvg",
  "modified": "2022-05-17T03:30:26Z",
  "published": "2022-05-17T03:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9752"
    },
    {
      "type": "WEB",
      "url": "https://github.com/s9y/Serendipity/commit/fbdd50a448ed87ba34ea8c56446b8f1873eadd6f"
    },
    {
      "type": "WEB",
      "url": "https://blog.s9y.org/archives/271-Serendipity-2.0.5-and-2.1-beta3-released.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94622"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q676-GQF4-QC58

Vulnerability from github – Published: 2022-05-17 03:01 – Updated: 2025-04-20 03:32
VLAI
Details

The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2016-9417"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-01-31T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.",
  "id": "GHSA-q676-gqf4-qc58",
  "modified": "2025-04-20T03:32:07Z",
  "published": "2022-05-17T03:01:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9417"
    },
    {
      "type": "WEB",
      "url": "https://blog.mybb.com/2016/10/17/mybb-1-8-8-merge-system-1-8-8-release"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/10/8"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2016/11/18/1"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/94396"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6FH-VC2V-H383

Vulnerability from github – Published: 2024-05-23 06:30 – Updated: 2024-07-03 18:43
VLAI
Details

The does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-4399"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-23T06:15:11Z",
    "severity": "CRITICAL"
  },
  "details": "The  does not validate a parameter before making a request to it, which could allow unauthenticated users to perform SSRF attack",
  "id": "GHSA-q6fh-vc2v-h383",
  "modified": "2024-07-03T18:43:25Z",
  "published": "2024-05-23T06:30:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-4399"
    },
    {
      "type": "WEB",
      "url": "https://wpscan.com/vulnerability/0690327e-da60-4d71-8b3c-ac9533d82302"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6H7-4QGW-2J9P

Vulnerability from github – Published: 2022-04-20 00:00 – Updated: 2022-12-27 00:58
VLAI
Summary
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
Details

A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/consul"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.9.17"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/consul"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.10.0"
            },
            {
              "fixed": "1.10.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hashicorp/consul"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.11.0"
            },
            {
              "fixed": "1.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-29153"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-04-28T21:13:56Z",
    "nvd_published_at": "2022-04-19T16:17:00Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability was identified in Consul and Consul Enterprise (\u201cConsul\u201d) such that HTTP health check endpoints returning an HTTP redirect may be abused as a vector for server-side request forgery (SSRF). This vulnerability, CVE-2022-29153, was fixed in Consul 1.9.17, 1.10.10, and 1.11.5.",
  "id": "GHSA-q6h7-4qgw-2j9p",
  "modified": "2022-12-27T00:58:20Z",
  "published": "2022-04-20T00:00:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29153"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery"
    },
    {
      "type": "WEB",
      "url": "https://discuss.hashicorp.com/t/hcsec-2022-10-consul-s-http-health-check-may-allow-server-side-request-forgery/38393"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hashicorp/consul"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RBODKZL7HQE5XXS3SA2VIDVL4LAA5RWH"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202208-09"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20220602-0005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector"
}

GHSA-Q6VQ-GMHJ-JJ3V

Vulnerability from github – Published: 2022-11-09 12:00 – Updated: 2022-11-09 19:02
VLAI
Details

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on WordPress.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-42494"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-08T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin \u003c= 4.2.5.1 on WordPress.",
  "id": "GHSA-q6vq-gmhj-jj3v",
  "modified": "2022-11-09T19:02:26Z",
  "published": "2022-11-09T12:00:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42494"
    },
    {
      "type": "WEB",
      "url": "https://aioseo.com/changelog"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/all-in-one-seo-pack-pro/wordpress-all-in-one-seo-pro-plugin-4-2-5-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q6WR-6G7V-9PXW

Vulnerability from github – Published: 2025-09-08 18:31 – Updated: 2025-09-08 18:31
VLAI
Details

A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-10096"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-09-08T16:15:35Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called 3424a338b763115f0269b209e777608e4cd31785. Applying a patch is advised to resolve this issue.",
  "id": "GHSA-q6wr-6g7v-9pxw",
  "modified": "2025-09-08T18:31:40Z",
  "published": "2025-09-08T18:31:40Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10096"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simstudioai/sim/issues/960"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simstudioai/sim/pull/1149"
    },
    {
      "type": "WEB",
      "url": "https://github.com/simstudioai/sim/commit/3424a338b763115f0269b209e777608e4cd31785"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.323057"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.323057"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.644953"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q74F-RF27-8HXC

Vulnerability from github – Published: 2023-10-31 00:31 – Updated: 2023-11-06 16:34
VLAI
Summary
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Details

An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.opencrx:opencrx-client"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "5.3.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46502"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-01T17:14:19Z",
    "nvd_published_at": "2023-10-30T23:15:08Z",
    "severity": "CRITICAL"
  },
  "details": "An issue in OpenCRX v.5.2.2 allows a remote attacker to execute arbitrary code via a crafted request.",
  "id": "GHSA-q74f-rf27-8hxc",
  "modified": "2023-11-06T16:34:04Z",
  "published": "2023-10-31T00:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46502"
    },
    {
      "type": "WEB",
      "url": "https://github.com/opencrx/opencrx/commit/ce7a71db0bb34ecbcb0e822d40598e410a48b399"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/spookhorror/9519fc66d3946e887e4a86c06ddbee0e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/opencrx/opencrx"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenCRX allows a remote attacker to execute arbitrary code via a crafted request"
}

GHSA-Q7F8-FR48-QW7G

Vulnerability from github – Published: 2022-03-29 00:01 – Updated: 2022-04-05 00:00
VLAI
Details

A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-0249"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-28T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked.",
  "id": "GHSA-q7f8-fr48-qw7g",
  "modified": "2022-04-05T00:00:48Z",
  "published": "2022-03-29T00:01:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0249"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/579934"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-0249.json"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/29395"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7GX-M2G7-JWX9

Vulnerability from github – Published: 2022-05-17 00:01 – Updated: 2022-05-26 00:01
VLAI
Details

SSRF in editor's proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1722"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-16T15:15:00Z",
    "severity": "LOW"
  },
  "details": "SSRF in editor\u0027s proxy via IPv6 link-local address in GitHub repository jgraph/drawio prior to 18.0.5. SSRF to internal link-local IPv6 addresses",
  "id": "GHSA-q7gx-m2g7-jwx9",
  "modified": "2022-05-26T00:01:25Z",
  "published": "2022-05-17T00:01:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1722"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jgraph/drawio/commit/cf5c78aa0f3127fb10053db55b39f3017a0654ae"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/c903d563-ba97-44e9-b421-22bfab1e0cbd"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-Q7MC-FC87-V7W7

Vulnerability from github – Published: 2023-08-04 18:30 – Updated: 2023-08-08 22:37
VLAI
Summary
OpenRefine Server-Side Request Forgery vulnerability
Details

OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.openrefine:main"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.6.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41401"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-04T21:25:42Z",
    "nvd_published_at": "2023-08-04T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "OpenRefine \u003c= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure.",
  "id": "GHSA-q7mc-fc87-v7w7",
  "modified": "2023-08-08T22:37:00Z",
  "published": "2023-08-04T18:30:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41401"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenRefine/OpenRefine/commit/8cb2fec45dd90fda8ed9608c691f6bb8ed721cd2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenRefine/OpenRefine"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenRefine/OpenRefine/blob/30d6edb7b6586623bda09456c797c35983fb80ff/main/tests/server/src/com/google/refine/importing/ImportingUtilitiesTests.java#L180"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenRefine/OpenRefine/blob/cb55cdfdf6f9ca916839778dc847cce803688998/main/src/com/google/refine/importing/ImportingUtilities.java#L103"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ixSly/CVE-2022-41401"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenRefine Server-Side Request Forgery vulnerability"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.