CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,742 vulnerabilities with CWE-918
CVE             Severity  CVSS  Title
CVE-2023-42282  CRITICAL  9.8   fedorindutny/ip < 1.1.9 and >=2.0.0 <2.0.1 - Server-Side Request Forgery via isPublic IP Validation
CVE-2023-6388   MEDIUM    5.0   SuiteCRM 7.14.2 - Server-Side Request Forgery
CVE-2023-22817  MEDIUM    5.5   Western Digital My Cloud OS 5 and My Cloud Home - Server-Side Request Forgery via Loopback DNS Redirection
CVE-2023-50165  HIGH      8.5   Pega Platform 8.2.1-23.1.0 - Information Exposure via Generated PDF
CVE-2023-47116  MEDIUM    5.3   Label Studio < 1.11.0 - Server-Side Request Forgery via DNS Rebinding or HTTP Redirection
CVE-2023-44313  HIGH      7.6   Apache ServiceComb < 2.2.0 - Server-Side Request Forgery
CVE-2023-52331  HIGH      7.1   Trend Micro Apex Central - Authenticated Server-Side Request Forgery
CVE-2023-38627  MEDIUM    5.4   Trend Micro Apex Central <6481 - SSRF
CVE-2023-38626  MEDIUM    5.4   Trend Micro Apex Central <2019.6481 - SSRF
CVE-2023-38625  MEDIUM    5.4   Trend Micro Apex Central <2019.6481 - SSRF
CVE-2023-38624  MEDIUM    5.4   Trend Micro Apex Central <2019.6481 - SSRF
CVE-2023-32337  MEDIUM    5.4   IBM Maximo Spatial Asset Management 8.10 - Authenticated Server-Side Request Forgery
CVE-2023-6991   HIGH      8.8   JSM file_get_contents() Shortcode < 2.7.1 - Authenticated Server-Side Request Forgery via Shortcode Parameter
CVE-2023-51804  HIGH      7.5   Rymcu Forest <0.02 - Info Disclosure
CVE-2023-49471  HIGH      8.8   bar_assistant < 3.2.0 - Authenticated Server-Side Request Forgery via Image::make()
CVE-2023-51441  HIGH      7.2   Apache Axis <= 1.3 - Server-Side Request Forgery via Admin Service
CVE-2023-51676  MEDIUM    4.9   Leevio Happy Addons <3.9.1.1 - SSRF
CVE-2023-7078   HIGH      7.5   Miniflare 3.20230821.0-3.20231030.1 - Server-Side Request Forgery via Crafted HTTP Requests
CVE-2023-51697  MEDIUM    4.3   audiobookshelf < 2.7.0 - Unauthenticated Server-Side Request Forgery in podcastUtils.js
CVE-2023-51665  MEDIUM    4.3   audiobookshelf < 2.7.0 - Unauthenticated Server-Side Request Forgery in Auth.js
CVE-2023-51467  CRITICAL  9.8   Apache OFBiz XML-RPC Java Deserialization
CVE-2023-50968  HIGH      7.5   Apache OFBiz < 18.12.11 - Unauthenticated Arbitrary File Read and Server-Side Request Forgery
CVE-2023-51451  MEDIUM    4.3   Sentry Symbolicator 0.3.3-23.12.1 - Server-Side Request Forgery via Invalid Protocol Handling
CVE-2023-50731  CRITICAL  9.1   MindsDB < 23.11.4.1 - Path Traversal and Arbitrary File Write via File Upload Name Parameter
CVE-2023-50714  MEDIUM    6.8   yii2-authclient < 2.2.15 - Improper Authentication via OAuth2 PKCE Implementation