Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4606 vulnerabilities reference this CWE, most recent first.

GHSA-X3F9-VCP2-HGCW

Vulnerability from github – Published: 2026-04-21 21:31 – Updated: 2026-05-06 22:07
VLAI
Summary
Bagisto affected by Server-Side Request Forgery
Details

A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and explained: "We already replied on the github advisories. All the security issues are addressed through security advisory. We will fix this in our upcomming releases."

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "bagisto/bagisto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.3.15"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-6744"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-05-06T22:07:40Z",
    "nvd_published_at": "2026-04-21T19:16:18Z",
    "severity": "LOW"
  },
  "details": "A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure and explained: \"We already replied on the github advisories. All the security issues are addressed through security advisory. We will fix this in our upcomming releases.\"",
  "id": "GHSA-x3f9-vcp2-hgcw",
  "modified": "2026-05-06T22:07:40Z",
  "published": "2026-04-21T21:31:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6744"
    },
    {
      "type": "WEB",
      "url": "https://drive.google.com/file/d/1pVSN3BYjI_rUE2Jms5EcIBGSMdrq6Wql/view?usp=sharing"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/bagisto/bagisto"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/794680"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358435"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/358435/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Bagisto affected by Server-Side Request Forgery"
}

GHSA-X3FG-4H2P-6MGP

Vulnerability from github – Published: 2026-06-09 18:30 – Updated: 2026-06-09 18:30
VLAI
Details

Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-45504"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-09T17:17:26Z",
    "severity": "HIGH"
  },
  "details": "Server-side request forgery (ssrf) in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.",
  "id": "GHSA-x3fg-4h2p-6mgp",
  "modified": "2026-06-09T18:30:51Z",
  "published": "2026-06-09T18:30:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45504"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45504"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3H6-75JV-6FFR

Vulnerability from github – Published: 2022-05-14 03:10 – Updated: 2022-05-14 03:10
VLAI
Details

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2018-5752"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-06-16T01:29:00Z",
    "severity": "HIGH"
  },
  "details": "The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors involving non-decimal representations of IP addresses and special IPv6 related addresses.",
  "id": "GHSA-x3h6-75jv-6ffr",
  "modified": "2022-05-14T03:10:31Z",
  "published": "2022-05-14T03:10:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5752"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44881"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/148118/OX-App-Suite-7.8.4-XSS-Privilege-Management-SSRF-Traversal.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jun/23"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X3M3-G8W6-MF28

Vulnerability from github – Published: 2022-03-16 00:00 – Updated: 2022-11-30 20:27
VLAI
Summary
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Details

Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.

Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.

This vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the LTS upgrade guide.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.jenkins-ci.plugins:semantic-versioning-plugin"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-27201"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611",
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-30T20:27:14Z",
    "nvd_published_at": "2022-03-15T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Jenkins Semantic Versioning Plugin defines a controller/agent message that processes a given file as XML and returns version information. The XML parser is not configured to prevent XML external entity (XXE) attacks, which is only a problem if XML documents are parsed on the Jenkins controller.\n\nJenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.\n\nThis vulnerability is only exploitable in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier. See the [LTS upgrade guide](https://www.jenkins.io/doc/upgrade-guide/2.303/#upgrading-to-jenkins-lts-2-303-3).",
  "id": "GHSA-x3m3-g8w6-mf28",
  "modified": "2022-11-30T20:27:14Z",
  "published": "2022-03-16T00:00:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27201"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/jenkinsci/semantic-versioning-plugin"
    },
    {
      "type": "WEB",
      "url": "https://www.jenkins.io/security/advisory/2022-03-15/#SECURITY-2124"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2022/03/15/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin"
}

GHSA-X3X3-QWJQ-8GJ4

Vulnerability from github – Published: 2022-12-13 18:30 – Updated: 2022-12-15 22:00
VLAI
Summary
Apache CXF Server-Side Request Forgery vulnerability
Details

A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cxf:cxf-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.4.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.cxf:cxf-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.5.0"
            },
            {
              "fixed": "3.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-46364"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-12-13T19:45:21Z",
    "nvd_published_at": "2022-12-13T17:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "A SSRF vulnerability in parsing the href attribute of XOP:Include in MTOM requests in versions of Apache CXF before 3.5.5 and 3.4.10 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type.",
  "id": "GHSA-x3x3-qwjq-8gj4",
  "modified": "2022-12-15T22:00:04Z",
  "published": "2022-12-13T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46364"
    },
    {
      "type": "WEB",
      "url": "https://cxf.apache.org/security-advisories.data/CVE-2022-46364.txt?version=1\u0026modificationDate=1670944472739\u0026api=v2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Apache CXF Server-Side Request Forgery vulnerability"
}

GHSA-X424-J55F-6XV3

Vulnerability from github – Published: 2022-05-26 00:01 – Updated: 2022-06-08 00:00
VLAI
Details

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-1815"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-05-25T09:15:00Z",
    "severity": "HIGH"
  },
  "details": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.",
  "id": "GHSA-x424-j55f-6xv3",
  "modified": "2022-06-08T00:00:34Z",
  "published": "2022-05-26T00:01:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1815"
    },
    {
      "type": "WEB",
      "url": "https://github.com/jgraph/drawio/commit/c287bef9101d024b1fd59d55ecd530f25000f9d8"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/6e856a25-9117-47c6-9375-52f78876902f"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X46J-Q5R9-V3G5

Vulnerability from github – Published: 2025-04-24 18:31 – Updated: 2026-04-01 18:34
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-46511"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-24T16:15:42Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Derek Springer BeerXML Shortcode allows Server Side Request Forgery. This issue affects BeerXML Shortcode: from n/a through 0.71.",
  "id": "GHSA-x46j-q5r9-v3g5",
  "modified": "2026-04-01T18:34:58Z",
  "published": "2025-04-24T18:31:07Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46511"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/beerxml-shortcode/vulnerability/wordpress-beerxml-shortcode-0-71-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4HM-VCRP-R3Q5

Vulnerability from github – Published: 2026-04-08 09:31 – Updated: 2026-04-14 15:30
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-39630"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T09:16:33Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through \u003c= 4.1.0.",
  "id": "GHSA-x4hm-vcrp-r3q5",
  "modified": "2026-04-14T15:30:29Z",
  "published": "2026-04-08T09:31:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39630"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/getty-images/vulnerability/wordpress-getty-images-plugin-4-1-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X4MR-7JCX-V2X6

Vulnerability from github – Published: 2022-05-24 17:47 – Updated: 2022-05-24 17:47
VLAI
Details

The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-29357"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-12T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "The ECT Provider component in OutSystems Platform Server 10 before 10.0.1104.0 and 11 before 11.9.0 (and LifeTime management console before 11.7.0) allows SSRF for arbitrary outbound HTTP requests.",
  "id": "GHSA-x4mr-7jcx-v2x6",
  "modified": "2022-05-24T17:47:09Z",
  "published": "2022-05-24T17:47:09Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-29357"
    },
    {
      "type": "WEB",
      "url": "https://labs.integrity.pt/advisories/cve-2021-29357"
    },
    {
      "type": "WEB",
      "url": "https://success.outsystems.com/Support/Security/Vulnerabilities/Vulnerability_RTAF-2226"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-X4QJ-2F4Q-R4RX

Vulnerability from github – Published: 2025-11-05 19:52 – Updated: 2025-11-07 20:31
VLAI
Summary
Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format
Details

Impact

A Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a Parse.File with uri parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server's file storage as the server crashes upon receiving the response.

Patches

The feature has been implemented in Parse Server 4.2.0 but never worked and reliably crashes the server when trying to use it due to a bug in its implementation. Since the feature is not currently working, and due to its risky nature, it has been removed to address the vulnerability.

Workarounds

None.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.2.0"
            },
            {
              "fixed": "7.5.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 8.4.0-alpha.1"
      },
      "package": {
        "ecosystem": "npm",
        "name": "parse-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "8.0.0"
            },
            {
              "fixed": "8.4.0-alpha.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-64430"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-11-05T19:52:27Z",
    "nvd_published_at": "2025-11-07T18:15:37Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nA Server-Side Request Forgery (SSRF) vulnerability in the file upload functionality when trying to upload a `Parse.File` with `uri` parameter allows to execute an arbitrary URI. The vulnerability stems from a file upload feature in which Parse Server retrieves the file data from a URI that is provided in the request. A request to the provided URI is executed, but the response is not stored in Parse Server\u0027s file storage as the server crashes upon receiving the response.\n\n### Patches\n\nThe feature has been implemented in Parse Server 4.2.0 but never worked and reliably crashes the server when trying to use it due to a bug in its implementation. Since the feature is not currently working, and due to its risky nature, it has been removed to address the vulnerability.\n\n### Workarounds\n\nNone.",
  "id": "GHSA-x4qj-2f4q-r4rx",
  "modified": "2025-11-07T20:31:43Z",
  "published": "2025-11-05T19:52:27Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/security/advisories/GHSA-x4qj-2f4q-r4rx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-64430"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/9903"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/pull/9904"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/8bbe3efbcf4a3b66f4a8db9bfb18cd98c050db51"
    },
    {
      "type": "WEB",
      "url": "https://github.com/parse-community/parse-server/commit/97763863b72689a29ad7a311dfb590c3e3c50585"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/parse-community/parse-server"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.