CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,756 vulnerabilities with CWE-918
CVE-2022-0528 MEDIUM
transloadit uppy < 3.3.1 - Server-Side Request Forgery
CVSS 6.5
CVE-2022-0768 CRITICAL
alltube < 3.0.2 - Server-Side Request Forgery
CVSS 9.1
CVE-2022-25260 CRITICAL
JetBrains Hub < 2021.1.14276 - Server-Side Request Forgery
CVSS 9.1
CVE-2022-24333 MEDIUM
JetBrains TeamCity < 2021.2 - Server-Side Request Forgery via XML-RPC Call
CVSS 6.5
CVE-2022-24980 HIGH
Kitodo.Presentation < 2.3.2 - Unauthenticated Server-Side Request Forgery via eID Script
CVSS 7.5
CVE-2022-21215 CRITICAL
Mimosa Management Platform < 1.0.3 - Server-Side Request Forgery
CVSS 10.0
CVE-2022-0671 CRITICAL
vscode-xml < 0.19.0 - Blind SSRF/DoS
CVSS 9.1
CVE-2022-23644 HIGH
BookWyrm < 0.3.0 - Authenticated Server-Side Request Forgery via Cover URL Load
CVSS 8.8
CVE-2022-24568 CRITICAL
novel-plus 3.6.0 - Server-Side Request Forgery
CVSS 9.8
CVE-2022-0508 MEDIUM
chocobozzz/peertube < f33e515991a32885622b217bf2ed1d1b0d9d6832 - SSRF
CVSS 5.3
CVE-2022-23206 HIGH
Apache Traffic Control < 5.1.6 and 6.0.0-6.1.0 - Server-Side Request Forgery via OAuth Login Endpoint
CVSS 7.5
CVE-2022-24129 HIGH
Shibboleth oidc_op < 3.0.4 - Server-Side Request Forgery via request_uri Parameter
CVSS 8.2
CVE-2022-0339 CRITICAL
calibre-web < 0.6.16 - Server-Side Request Forgery
CVSS 9.8
CVE-2022-22993 HIGH
Western Digital My Cloud OS < 5.19.117 - Server-Side Request Forgery via Parameter Whitelist Bypass
CVSS 7.8
CVE-2022-21697 MEDIUM
jupyter_server_proxy < 3.2.1 - Authenticated Server-Side Request Forgery via Allowed Hosts Bypass
CVSS 6.3
CVE-2022-22702 MEDIUM
PartKeepr < 1.4.0 - Authenticated Server-Side Request Forgery via URL Attachment Upload
CVSS 4.3
CVE-2022-0132 HIGH
PeerTube - Server-Side Request Forgery
CVSS 7.5
CVE-2022-0086 CRITICAL
transloadit/uppy < 2.3.3 and uppy/companion < 3.1.5 - Server-Side Request Forgery
CVSS 9.8
CVE-2021-47958 MEDIUM
CouchCMS 2.2.1 - Server-Side Request Forgery via SVG Upload
CVSS 4.3
CVE-2021-47776 MEDIUM
Umbraco CMS 8.14.1 - Server-Side Request Forgery via Dashboard and Help Controller Endpoints
CVSS 5.3
CVE-2021-47715 MEDIUM
Hasura GraphQL 1.3.3 - Server-Side Request Forgery via Remote Schema Injection
CVSS 5.3
CVE-2021-47703 HIGH
OpenBMCS 2.4 phpQuery.php - ip Parameter Server-Side Request Forgery
CVSS 7.2
CVE-2021-38135 HIGH
OpenText iManager < 3.2.6.0000 - SSRF
CVSS 8.6
CVE-2021-3742 HIGH
chatwoot < 2.5.0 - Server-Side Request Forgery via SVG Avatar Upload
CVSS 8.8
CVE-2021-38132 MEDIUM
OpenText eDirectory < 9.2.6.0000 - SSRF
CVSS 5.3