CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,740 vulnerabilities with CWE-918
CVE-2024-38791 MEDIUM
Jordy Meow AI Engine: ChatGPT Chatbot < 2.4.7 - Server-Side Request Forgery
CVSS 4.9
CVE-2024-2090 MEDIUM
Remote Content Shortcode < 1.5 - Authenticated Server-Side Request Forgery via remote_content Shortcode
CVSS 6.4
CVE-2024-7330 MEDIUM
YouDianCMS 7 - Server-Side Request Forgery via ydLib URL Parameter
CVSS 6.3
CVE-2024-6980 CRITICAL
Bitdefender GravityZone < 6.38.1-5 - Server-Side Request Forgery via Proxy Service Error Handling
CVSS 9.8
CVE-2024-41305 MEDIUM
WonderCMS 3.4.3 - Server-Side Request Forgery via pluginThemeUrl
CVSS 4.7
CVE-2024-41120 CRITICAL
streamlit-geospatial < 2024-07-19 - Server-Side Request Forgery via URL Parameter in Vector Data Visualization
CVSS 9.8
CVE-2024-41118 HIGH
streamlit-geospatial < 2024-07-19 - Server-Side Request Forgery via Web Map Service URL Parameter
CVSS 7.5
CVE-2024-41813 HIGH
txtdot 1.4.0-1.6.1 - Server-Side Request Forgery via Proxy Route
CVSS 7.5
CVE-2024-41812 HIGH
txtdot < 1.7.0 - Server-Side Request Forgery via /get Route
CVSS 7.5
CVE-2024-6922 MEDIUM
Automation Anywhere Automation 360 v21-v32 - SSRF
CVE-2024-41668 HIGH
cBioPortal <6.0.12 - Server-Side Request Forgery via Proxy Endpoint
CVSS 8.3
CVE-2024-41664 MEDIUM
Canarytokens < sha-8ea5315 - Server-Side Request Forgery via Webhook Alert Feature
CVSS 5.4
CVE-2024-4260 MEDIUM
CoBlocks WordPress Plugin <3.1.12 - Contributor Server-Side Request Forgery
CVSS 6.5
CVE-2024-38730 MEDIUM
Noor alam Magical Addons For Elementor <1.1.41 - SSRF
CVSS 4.9
CVE-2024-38728 HIGH
Seraphinite Post .DOCX Source <= 2.16.9 - Server-Side Request Forgery
CVSS 7.2
CVE-2024-38723 MEDIUM
JSON Content Importer <1.5.6 - SSRF
CVSS 6.4
CVE-2024-37942 HIGH
BerqWP < 1.7.5 - Unauthenticated Server-Side Request Forgery
CVSS 7.2
CVE-2024-38758 MEDIUM
WappPress < 6.0.4 - Server-Side Request Forgery
CVSS 4.9
CVE-2024-29736 CRITICAL
Apache CXF <4.0.5, 3.6.4, 3.5.9 - SSRF
CVSS 9.1
CVE-2024-21527 HIGH
github.com/gotenberg/gotenberg/v8/pkg/* - SSRF
CVSS 8.2
CVE-2024-30125 MEDIUM
HCL BigFix Compliance < 2.0.11 - Denial of Service
CVSS 6.2
CVE-2024-40898 HIGH
Apache HTTP Server < 2.4.62 - Server-Side Request Forgery via mod_rewrite on Windows
CVSS 7.5
CVE-2024-31979 MEDIUM
Apache StreamPipes <= 0.93.0 - Server-Side Request Forgery via Pipeline Element Installation Endpoint
CVSS 4.3
CVE-2024-40632 LOW
linkerd2 < edge-24.6.2 - Server-Side Request Forgery via Localhost Shutdown Endpoint
CVSS 3.7
CVE-2024-36458 MEDIUM
Broadcom Symantec Privileged Access Management 3.4.6-4.1.7 - Server-Side Request Forgery