CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4606 vulnerabilities reference this CWE, most recent first.
GHSA-WG8R-283G-68MR
Vulnerability from github – Published: 2024-03-28 06:30 – Updated: 2026-04-28 21:34Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates — Elementor, WordPress & Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates — Elementor, WordPress & Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.
{
"affected": [],
"aliases": [
"CVE-2023-34370"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-03-28T06:15:07Z",
"severity": "HIGH"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Brainstorm Force Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates, Brainstorm Force Premium Starter Templates.This issue affects Starter Templates \u2014 Elementor, WordPress \u0026 Beaver Builder Templates: from n/a through 3.2.4; Premium Starter Templates: from n/a through 3.2.4.",
"id": "GHSA-wg8r-283g-68mr",
"modified": "2026-04-28T21:34:22Z",
"published": "2024-03-28T06:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-34370"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-4-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WGC3-34QH-3H44
Vulnerability from github – Published: 2025-01-08 09:30 – Updated: 2025-01-08 15:31VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.
{
"affected": [],
"aliases": [
"CVE-2025-22215"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-08T07:15:28Z",
"severity": "MODERATE"
},
"details": "VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability.\u00a0A malicious actor with \"Organization Member\" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network.",
"id": "GHSA-wgc3-34qh-3h44",
"modified": "2025-01-08T15:31:11Z",
"published": "2025-01-08T09:30:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22215"
},
{
"type": "WEB",
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25312"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WGGH-6887-64V4
Vulnerability from github – Published: 2022-05-17 00:26 – Updated: 2022-05-17 00:26SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.
{
"affected": [],
"aliases": [
"CVE-2017-15644"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-19T22:29:00Z",
"severity": "HIGH"
},
"details": "SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as demonstrated by a GET request for tunnel/link.cgi/http://INTRANET-IP:8000.",
"id": "GHSA-wggh-6887-64v4",
"modified": "2022-05-17T00:26:00Z",
"published": "2022-05-17T00:26:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15644"
},
{
"type": "WEB",
"url": "https://github.com/webmin/webmin/commit/0c58892732ee7610a7abba5507614366d382c9c9"
},
{
"type": "WEB",
"url": "https://blogs.securiteam.com/index.php/archives/3430"
},
{
"type": "WEB",
"url": "http://www.webmin.com/changes.html"
},
{
"type": "WEB",
"url": "http://www.webmin.com/security.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WGM6-9RVV-3438
Vulnerability from github – Published: 2026-02-18 00:56 – Updated: 2026-06-09 14:28Reconsidered - Working as designed. (Update 2026-05-28)
Libredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it.
Anyone holding this permission already has full administrative control over the application, and outbound HTTP to operator-chosen URLs is the documented purpose of the webhook feature. This is working as designed.
A SECURITY.md documenting the threat model will be added to the repo shortly.
Date: 2025-12-07 Vulnerability: Server-Side Request Forgery (SSRF) Severity: Medium Component: Webhooks Module
Executive Summary
A critical security vulnerability exists in the LibreDesk Webhooks module that allows an authenticated "Application Admin" to compromise the underlying cloud infrastructure or internal corporate network where this service is being hosted.
The application fails to validate destination URLs for webhooks. This allows an attacker to force the server to make HTTP requests to arbitrary internal destinations.
Confirmed Attack Vectors
1. Internal Port Scanning (Network Mapping)
Attackers can map the internal network by observing the difference between successful connections and connection errors. This works even if the response body is not returned.
Proof of Exploitation (from Server Logs):
* Open Port (8890): The server connects successfully.
text
timestamp=... level=info message="webhook delivered successfully" ... status_code=200
* Closed Port (8891): The server fails to connect.
text
timestamp=... level=error message="webhook delivery failed" ... error="... connect: connection refused"
Impact: An attacker can identify running services (databases, caches, internal apps) on the local network (e.g., localhost, 192.168.x.x).
2. Information Leakage (Error-Based)
If the internal service returns a non-2xx response (e.g., 403 Forbidden, 404 Not Found, 500 Error), the application logs the full response body.
Proof of Exploitation (from Server Logs):
timestamp=... level=error message="webhook delivery failed" ...
response="{\"secret_key\": \"xxx123\", \"role\": \"admin\"}"
Impact: An attacker can extract sensitive data by targeting endpoints that return errors or by forcing errors on internal services.
Technical Root Cause
- Missing Input Validation:
cmd/webhooks.goonly checks if the URL is empty, not if it resolves to a private IP. - Unrestricted HTTP Client:
internal/webhook/webhook.gouses a defaulthttp.Clientthat follows redirects and connects to any IP. - Verbose Error Logging: The application logs the full response body on failure, creating a side-channel for data exfiltration.
Remediation Required
To prevent this, the application must implement Defense in Depth:
- Input Validation: Block URLs resolving to private IP ranges (RFC 1918) and Link-Local addresses.
- Safe HTTP Client: Use a custom
http.Transportthat verifies the destination IP address after DNS resolution to prevent DNS rebinding attacks.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/abhinavxd/libredesk"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.2-0.20260215211005-727213631ce6"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-26957"
],
"database_specific": {
"cwe_ids": [
"CWE-209",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-18T00:56:30Z",
"nvd_published_at": "2026-02-20T00:16:15Z",
"severity": "MODERATE"
},
"details": "## Reconsidered - Working as designed. (Update 2026-05-28)\n\nLibredesk is a single-tenant, self-hosted application. Configuring outbound webhook URLs requires an admin-only permission that is not granted by default - the operator must explicitly assign it.\n\nAnyone holding this permission already has full administrative control over the application, and outbound HTTP to operator-chosen URLs is the documented purpose of the webhook feature. This is working as designed.\n\nA SECURITY.md documenting the threat model will be added to the repo shortly.\n\n------------------------------------------------------------------------------------------------------------------------------\n\n**Date:** 2025-12-07\n**Vulnerability:** Server-Side Request Forgery (SSRF)\n**Severity:** Medium\n**Component:** Webhooks Module\n\n## Executive Summary\nA critical security vulnerability exists in the LibreDesk Webhooks module that allows an authenticated \"Application Admin\" to compromise the underlying cloud infrastructure or internal corporate network where this service is being hosted.\n\nThe application fails to validate destination URLs for webhooks. This allows an attacker to force the server to make HTTP requests to arbitrary internal destinations.\n\n## Confirmed Attack Vectors\n\n### 1. Internal Port Scanning (Network Mapping)\nAttackers can map the internal network by observing the difference between successful connections and connection errors. This works even if the response body is not returned.\n\n**Proof of Exploitation (from Server Logs):**\n* **Open Port (8890)**: The server connects successfully.\n ```text\n timestamp=... level=info message=\"webhook delivered successfully\" ... status_code=200\n ```\n* **Closed Port (8891)**: The server fails to connect.\n ```text\n timestamp=... level=error message=\"webhook delivery failed\" ... error=\"... connect: connection refused\"\n ```\n\n**Impact**: An attacker can identify running services (databases, caches, internal apps) on the local network (e.g., `localhost`, `192.168.x.x`).\n\n### 2. Information Leakage (Error-Based)\nIf the internal service returns a non-2xx response (e.g., 403 Forbidden, 404 Not Found, 500 Error), the application **logs the full response body**.\n\n**Proof of Exploitation (from Server Logs):**\n```text\ntimestamp=... level=error message=\"webhook delivery failed\" ... \nresponse=\"{\\\"secret_key\\\": \\\"xxx123\\\", \\\"role\\\": \\\"admin\\\"}\"\n```\n\n**Impact**: An attacker can extract sensitive data by targeting endpoints that return errors or by forcing errors on internal services.\n\n## Technical Root Cause\n1. **Missing Input Validation**: `cmd/webhooks.go` only checks if the URL is empty, not if it resolves to a private IP.\n2. **Unrestricted HTTP Client**: `internal/webhook/webhook.go` uses a default `http.Client` that follows redirects and connects to any IP.\n3. **Verbose Error Logging**: The application logs the full response body on failure, creating a side-channel for data exfiltration.\n\n## Remediation Required\nTo prevent this, the application must implement **Defense in Depth**:\n\n1. **Input Validation**: Block URLs resolving to private IP ranges (RFC 1918) and Link-Local addresses.\n2. **Safe HTTP Client**: Use a custom `http.Transport` that verifies the destination IP address *after* DNS resolution to prevent DNS rebinding attacks.",
"id": "GHSA-wgm6-9rvv-3438",
"modified": "2026-06-09T14:28:34Z",
"published": "2026-02-18T00:56:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/abhinavxd/libredesk/security/advisories/GHSA-wgm6-9rvv-3438"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-26957"
},
{
"type": "WEB",
"url": "https://github.com/abhinavxd/libredesk/commit/727213631ce6a36bcb06f50ce542155e78f51316"
},
{
"type": "PACKAGE",
"url": "https://github.com/abhinavxd/libredesk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Withdrawn Advisory: Libredesk has a SSRF Vulnerability in Webhooks",
"withdrawn": "2026-06-09T14:28:34Z"
}
GHSA-WGMX-PMM5-6G37
Vulnerability from github – Published: 2023-12-16 09:30 – Updated: 2023-12-16 09:30A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-6849"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-16T08:15:06Z",
"severity": "HIGH"
},
"details": "A vulnerability was found in kalcaddle kodbox up to 1.48. It has been rated as critical. Affected by this issue is the function cover of the file plugins/fileThumb/app.php. The manipulation of the argument path leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.48.04 is able to address this issue. The patch is identified as 63a4d5708d210f119c24afd941d01a943e25334c. It is recommended to upgrade the affected component. VDB-248210 is the identifier assigned to this vulnerability.",
"id": "GHSA-wgmx-pmm5-6g37",
"modified": "2023-12-16T09:30:18Z",
"published": "2023-12-16T09:30:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6849"
},
{
"type": "WEB",
"url": "https://github.com/kalcaddle/kodbox/commit/63a4d5708d210f119c24afd941d01a943e25334c"
},
{
"type": "WEB",
"url": "https://github.com/kalcaddle/kodbox/releases/tag/1.48.04"
},
{
"type": "WEB",
"url": "https://note.zhaoj.in/share/jSsPAWT1pKsq"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.248210"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.248210"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WH33-V2X8-3H4R
Vulnerability from github – Published: 2023-12-16 12:30 – Updated: 2023-12-16 12:30A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2023-6853"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-16T12:15:07Z",
"severity": "MODERATE"
},
"details": "A vulnerability classified as critical was found in kalcaddle KodExplorer up to 4.51.03. Affected by this vulnerability is the function index of the file plugins/officeLive/app.php. The manipulation of the argument path leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The identifier of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier VDB-248221 was assigned to this vulnerability.",
"id": "GHSA-wh33-v2x8-3h4r",
"modified": "2023-12-16T12:30:16Z",
"published": "2023-12-16T12:30:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6853"
},
{
"type": "WEB",
"url": "https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6"
},
{
"type": "WEB",
"url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01"
},
{
"type": "WEB",
"url": "https://note.zhaoj.in/share/oaYHbDTnPiU3"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.248221"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.248221"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-WH9R-QHJQ-2HG4
Vulnerability from github – Published: 2024-10-25 21:31 – Updated: 2024-10-30 00:31An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.
{
"affected": [],
"aliases": [
"CVE-2024-48450"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-25T19:15:04Z",
"severity": "MODERATE"
},
"details": "An arbitrary file upload vulnerability in Huly Platform v0.6.295 allows attackers to execute arbitrary code via uploading a crafted HTML file into chat group.",
"id": "GHSA-wh9r-qhjq-2hg4",
"modified": "2024-10-30T00:31:04Z",
"published": "2024-10-25T21:31:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48450"
},
{
"type": "WEB",
"url": "https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-48450"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHPP-XV3H-RWXF
Vulnerability from github – Published: 2026-06-11 09:31 – Updated: 2026-06-11 09:31When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to.
Affected versions: Spring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.
{
"affected": [],
"aliases": [
"CVE-2026-40999"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-11T07:16:27Z",
"severity": "HIGH"
},
"details": "When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through configured WebServiceMessageSender instances to destinations taken directly from request headers without verifying that those destinations are safe to connect to.\n\nAffected versions:\nSpring Web Services 5.0.0 through 5.0.1; 4.1.0 through 4.1.3; 4.0.0 through 4.0.18; 3.1.0 through 3.1.8.",
"id": "GHSA-whpp-xv3h-rwxf",
"modified": "2026-06-11T09:31:56Z",
"published": "2026-06-11T09:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40999"
},
{
"type": "WEB",
"url": "https://spring.io/security/cve-2026-40999"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WHR6-3CG4-2R5V
Vulnerability from github – Published: 2022-05-17 02:28 – Updated: 2022-05-17 02:28In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.
{
"affected": [],
"aliases": [
"CVE-2017-10973"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-06T16:29:00Z",
"severity": "MODERATE"
},
"details": "In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.",
"id": "GHSA-whr6-3cg4-2r5v",
"modified": "2022-05-17T02:28:17Z",
"published": "2022-05-17T02:28:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10973"
},
{
"type": "WEB",
"url": "https://github.com/andrzuk/FineCMS/pull/10"
},
{
"type": "WEB",
"url": "https://github.com/andrzuk/FineCMS/pull/11"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WJ3G-88QG-CWFG
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2026-04-01 18:36Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1.
{
"affected": [],
"aliases": [
"CVE-2025-47437"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T17:15:45Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in LiteSpeed Technologies LiteSpeed Cache. This issue affects LiteSpeed Cache: from n/a through 7.0.1.",
"id": "GHSA-wj3g-88qg-cwfg",
"modified": "2026-04-01T18:36:07Z",
"published": "2025-09-09T18:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47437"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/litespeed-cache/vulnerability/wordpress-litespeed-cache-plugin-7-0-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.