CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,742 vulnerabilities with CWE-918
CVE ID          Severity  CVSS  Title
CVE-2023-50259  MEDIUM    5.3   Medusa < 1.0.19 - Unauthenticated Server-Side Request Forgery via Slack Webhook URL
CVE-2023-50258  MEDIUM    5.3   Medusa < 1.0.19 - Unauthenticated Server-Side Request Forgery via Discord Webhook URL
CVE-2023-7037   MEDIUM    6.3   Automad < 1.10.9 - Server-Side Request Forgery via FileController Import URL
CVE-2023-6974   CRITICAL  9.8   MLflow < 2.9.2 - Server-Side Request Forgery
CVE-2023-46262  HIGH      7.5   Ivanti Avalanche Remote Control - SSRF
CVE-2023-6853   MEDIUM    6.3   KodExplorer < 4.52.01 - Server-Side Request Forgery via OfficeLive Plugin Path Parameter
CVE-2023-6852   MEDIUM    6.3   kodcloud kodexplorer < 4.52.01 - Server-Side Request Forgery via webodf Plugin
CVE-2023-6849   HIGH      7.3   kodbox < 1.48.04 - Server-Side Request Forgery via FileThumb Plugin Path Parameter
CVE-2023-50266  MEDIUM    5.3   Bazarr 1.2.4 - Blind Server-Side Request Forgery via Proxy Endpoint
CVE-2023-49159  HIGH      7.2   CommentLuv < 3.0.4 - Server-Side Request Forgery
CVE-2023-48379  MEDIUM    5.3   Softnext Mail SQR Expert < 230330 - Unauthenticated Blind Server-Side Request Forgery via URL Parameter
CVE-2023-6570   MEDIUM    6.5   kubeflow - Server-Side Request Forgery
CVE-2023-40630  CRITICAL  9.8   jcdashboard 1.0.0-1.1.29 - Unauthenticated Server-Side Request Forgery
CVE-2023-47619  HIGH      8.1   audiobookshelf < 2.4.3 - Authenticated Server-Side Request Forgery and Arbitrary File Read/Delete via Update Permission
CVE-2023-49795  MEDIUM    6.5   MindsDB < 23.11.4.1 - Server-Side Request Forgery in file.py
CVE-2023-49799  HIGH      7.5   nuxt-api-party < 0.22.0 - Server-Side Request Forgery via Leading Whitespace Bypass
CVE-2023-49746  MEDIUM    4.9   SpeedyCache < 1.1.2 - Server-Side Request Forgery
CVE-2023-46641  MEDIUM    4.9   WordPress 12 Step Meeting List <= 3.14.24 - Server-Side Request Forgery
CVE-2023-41804  HIGH      7.1   Brainstorm Force Starter Templates <= 3.2.4 - Server-Side Request Forgery
CVE-2023-46736  MEDIUM    5.3   EspoCRM < 8.0.5 - Server-Side Request Forgery via Image URL Upload
CVE-2023-48910  CRITICAL  9.8   microcks < 1.17.1 - Server-Side Request Forgery via /jobs and /artifact/download
CVE-2023-46746  MEDIUM    4.8   PostHog - Authenticated Server-Side Request Forgery via Webhook URL
CVE-2023-49094  MEDIUM    4.3   Sentry Symbolicator >= 0.3.3 < 23.11.2 - Server-Side Request Forgery via Crafted HTTP Endpoint
CVE-2023-6070   MEDIUM    4.3   Trellix ESM < 11.6.8 - Authenticated Server-Side Request Forgery via Certificate Upload
CVE-2023-48023  CRITICAL  9.1   Anyscale Ray 2.6.3 and 2.8.0 - Server-Side Request Forgery via Log Proxy Endpoint