Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4607 vulnerabilities reference this CWE, most recent first.

GHSA-W5X4-9GR8-6473

Vulnerability from github – Published: 2024-01-26 21:30 – Updated: 2024-01-26 21:30
VLAI
Details

A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0946"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-26T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-w5x4-9gr8-6473",
  "modified": "2024-01-26T21:30:22Z",
  "published": "2024-01-26T21:30:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0946"
    },
    {
      "type": "WEB",
      "url": "https://note.zhaoj.in/share/iNSyaClT0hGi"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.252190"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.252190"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W62C-5624-MCPG

Vulnerability from github – Published: 2022-05-14 02:59 – Updated: 2022-05-14 02:59
VLAI
Details

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5006"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-20T19:29:00Z",
    "severity": "HIGH"
  },
  "details": "Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.",
  "id": "GHSA-w62c-5624-mcpg",
  "modified": "2022-05-14T02:59:17Z",
  "published": "2022-05-14T02:59:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5006"
    },
    {
      "type": "WEB",
      "url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-23.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/104702"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W62P-CM3C-7RFC

Vulnerability from github – Published: 2025-05-23 21:31 – Updated: 2025-05-23 21:31
VLAI
Details

A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-48739"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-23T20:15:25Z",
    "severity": "MODERATE"
  },
  "details": "A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.",
  "id": "GHSA-w62p-cm3c-7rfc",
  "modified": "2025-05-23T21:31:12Z",
  "published": "2025-05-23T21:31:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48739"
    },
    {
      "type": "WEB",
      "url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-002.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W689-557M-2CVQ

Vulnerability from github – Published: 2022-06-03 15:35 – Updated: 2022-06-03 15:35
VLAI
Summary
Server-Side Request Forgery in gogs webhook
Details

Impact

The malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected.

Patches

Webhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network addresses. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

Workarounds

Run Gogs in its own private network.

References

https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d/

For more information

If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6901.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "gogs.io/gogs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.12.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-1285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-06-03T15:35:32Z",
    "nvd_published_at": "2022-06-01T06:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nThe malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected.\n\n### Patches\n\nWebhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network addresses. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.\n\n### Workarounds\n\nRun Gogs in its own private network.\n\n### References\n\nhttps://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d/\n\n### For more information\n\nIf you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6901.\n",
  "id": "GHSA-w689-557m-2cvq",
  "modified": "2022-06-03T15:35:32Z",
  "published": "2022-06-03T15:35:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/gogs/gogs/security/advisories/GHSA-w689-557m-2cvq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1285"
    },
    {
      "type": "WEB",
      "url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/gogs/gogs"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server-Side Request Forgery in gogs webhook"
}

GHSA-W69P-F797-2JF5

Vulnerability from github – Published: 2024-01-08 09:30 – Updated: 2024-01-08 09:30
VLAI
Details

A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0304"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-08T08:15:36Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.",
  "id": "GHSA-w69p-f797-2jf5",
  "modified": "2024-01-08T09:30:34Z",
  "published": "2024-01-08T09:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0304"
    },
    {
      "type": "WEB",
      "url": "https://note.zhaoj.in/share/3jF3Xpl3ttlZ"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.249871"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.249871"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6C2-26PJ-HPQ6

Vulnerability from github – Published: 2022-03-15 00:01 – Updated: 2022-03-19 00:01
VLAI
Details

The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-43954"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-03-14T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have \u0027can add repository permission\u0027, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.",
  "id": "GHSA-w6c2-26pj-hpq6",
  "modified": "2022-03-19T00:01:10Z",
  "published": "2022-03-15T00:01:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43954"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/CRUC-8520"
    },
    {
      "type": "WEB",
      "url": "https://jira.atlassian.com/browse/FE-7384"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6MV-QPWP-2H37

Vulnerability from github – Published: 2026-07-01 18:31 – Updated: 2026-07-01 18:31
VLAI
Details

NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-24242"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-07-01T16:16:44Z",
    "severity": "HIGH"
  },
  "details": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.",
  "id": "GHSA-w6mv-qpwp-2h37",
  "modified": "2026-07-01T18:31:47Z",
  "published": "2026-07-01T18:31:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24242"
    },
    {
      "type": "WEB",
      "url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
    },
    {
      "type": "WEB",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-24242"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6PM-7X44-M335

Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-10-29 21:30
VLAI
Details

A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal     structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-37440"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-22T19:16:38Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability in the web-based management interface\u00a0of EdgeConnect SD-WAN Orchestrator could allow an\u00a0unauthenticated remote attacker to conduct a server-side\u00a0request forgery (SSRF) attack. A successful exploit allows\u00a0an attacker to enumerate information about the internal\n\u00a0 \u00a0 structure of the EdgeConnect SD-WAN Orchestrator host leading\u00a0to potential disclosure of sensitive information.\n\n",
  "id": "GHSA-w6pm-7x44-m335",
  "modified": "2024-10-29T21:30:43Z",
  "published": "2023-08-22T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37440"
    },
    {
      "type": "WEB",
      "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-W6Q8-88PH-G9VQ

Vulnerability from github – Published: 2024-08-13 21:31 – Updated: 2024-08-13 21:31
VLAI
Details

A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-7743"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-08-13T21:15:17Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-w6q8-88ph-g9vq",
  "modified": "2024-08-13T21:31:56Z",
  "published": "2024-08-13T21:31:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7743"
    },
    {
      "type": "WEB",
      "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE14-4.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.274363"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.274363"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.386435"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-W6R8-2M56-2CWG

Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-02-26 18:30
VLAI
Details

The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-1758"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-02-26T16:27:53Z",
    "severity": "MODERATE"
  },
  "details": "The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
  "id": "GHSA-w6r8-2m56-2cwg",
  "modified": "2024-02-26T18:30:30Z",
  "published": "2024-02-26T18:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1758"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/woocommerce-superfaktura/trunk/class-wc-superfaktura.php#L3418"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040372%40woocommerce-superfaktura\u0026new=3040372%40woocommerce-superfaktura\u0026sfp_email=\u0026sfph_mail="
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.