CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
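
The description above states the defensive requirement in one clause: before fetching, the server must ensure the request really goes to the expected destination. The following is an added example, not code from the CWE entry or from any product listed on this page, of the check a URL fetcher should run before opening the outbound connection. The scheme/port/host allowlist values, the host names, and the DNS answers in FAKE_DNS are constructed for the example; only the standard library is used, so it runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Policy values are assumptions for this example, not taken from the CWE entry.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}
ALLOWED_HOSTS = {"api.example.com", "rebind.example.com", "mapped.example.com"}


def is_public_ip(ip_text):
    """True only for a globally routable unicast address."""
    ip = ipaddress.ip_address(ip_text)
    # Unwrap IPv4-mapped IPv6 (e.g. ::ffff:127.0.0.1) so the IPv4 checks apply.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolve(host):
    """Resolver backed by the OS; returns every address the name maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def validate_fetch_target(url, allowed_hosts, resolve=system_resolve):
    """Return (ok, reason, pinned_ip).

    The caller must connect to pinned_ip (sending the original name in the
    Host header / SNI) rather than re-resolving the name, so a DNS answer that
    changes between check and use cannot redirect the request.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username is not None or parts.password is not None:
        # "https://api.example.com@evil.example/" parses as host "evil.example".
        return False, "credentials in URL", None
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "invalid port", None
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", None
    # Name allowlist is the primary control; IP literals never match it.
    if host.lower().rstrip(".") not in allowed_hosts:
        return False, "host not in allowlist", None
    try:
        addrs = resolve(host)
    except OSError:
        addrs = []
    if not addrs:
        return False, "resolution failed", None
    # Second control: an allowlisted name must not point into internal space
    # (covers a hijacked record or a rebinding-capable name behind a trusted host).
    for addr in addrs:
        if not is_public_ip(addr):
            return False, f"resolves to non-public address {addr}", None
    return True, "ok", addrs[0]


# Constructed DNS answers so the example runs without network access.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # split answer, one internal
    "mapped.example.com": ["::ffff:127.0.0.1"],           # loopback hidden in IPv6 form
}


def fake_resolve(host):
    return FAKE_DNS.get(host, [])


DEMO_URLS = [
    "https://api.example.com/v1/report",
    "http://169.254.169.254/latest/meta-data/",
    "http://localhost:80/admin",
    "https://rebind.example.com/",
    "https://mapped.example.com/",
    "gopher://api.example.com/_GET",
    "https://api.example.com:8443/",
    "https://api.example.com@evil.example/",
]


def run_demo():
    """Map each demo URL to the validator's (ok, reason, pinned_ip) verdict."""
    return {u: validate_fetch_target(u, ALLOWED_HOSTS, fake_resolve) for u in DEMO_URLS}


if __name__ == "__main__":
    for url, (ok, reason, ip) in run_demo().items():
        pin = f", pin {ip}" if ip else ""
        print(f"{'ALLOW' if ok else 'DENY ':5} {url}  ({reason}{pin})")
```

Two caveats the validator cannot cover on its own. First, it judges only the URL the client supplied: if the HTTP library follows 3xx responses, a redirect from an allowed host to an internal one bypasses every check (compare the cors-proxy entry "via Redirection Action" in the list on this page), so disable redirects or run the validator again on each hop. Second, the pinned address only helps if the connection is actually made to it; a library that re-resolves the name at connect time reopens the DNS-rebinding window.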

2,756 vulnerabilities with CWE-918
CVE             Severity  KEV  CVSS  Title
CVE-2021-20325  CRITICAL       9.8   Red Hat Enterprise Linux 8.5.0 - Security Regression via Missing httpd Fixes
CVE-2021-25939  LOW            2.7   ArangoDB 3.7.0-3.9.0-alpha.1 - Authenticated Server-Side Request Forgery via Foxx Service Download
CVE-2021-45325  HIGH           7.5   Gitea < 1.7.0 - Server-Side Request Forgery via OpenID URL
CVE-2021-42637  CRITICAL       9.8   PrinterLogic Web Stack <= 19.1.1.13 SP9 - Server-Side Request Forgery
CVE-2021-22821  HIGH           8.6   EVlink < R8 V3.4.0.2 - Server-Side Request Forgery via Charging Station Parameters
CVE-2021-36349  MEDIUM         4.3   Dell EMC Data Protection Central < 19.5 - SSRF
CVE-2021-23664  HIGH           8.6   isomorphic-git/cors-proxy < 2.7.1 - Server-Side Request Forgery via Redirection Action
CVE-2021-41809  LOW            3.5   M-Files Server < 22.1.11017.1 - Server-Side Request Forgery via Document Preview Function
CVE-2021-39927  LOW            3.5   GitLab 8.4-14.4.4, 14.5.0-14.5.2, 14.6.0-14.6.1 - Server-Side Request Forgery via Localhost Port 80/443
CVE-2021-45394  HIGH           8.8   html2pdf < 5.2.4 - Deserialization of Untrusted Data via Malicious Link Tag
CVE-2021-27738  HIGH           7.5   Apache Kylin < 3.1.2 - Coordinator API Access and Server-Side Request Forgery
CVE-2021-44659  CRITICAL       9.8   GoCD 21.3.0 - Server-Side Request Forgery via Pipeline Configuration
CVE-2021-22056  HIGH           7.5   VMware Workspace ONE Access and Identity Manager - Server-Side Request Forgery
CVE-2021-22054  HIGH      KEV  7.5   VMware Workspace ONE UEM Console SSRF (20.0.8-20.0.8.36, 20.11.0-20.11.0.39, 21.2.0-21.2.0.26, 21.5.0-21.5.0.36)
CVE-2021-3959   MEDIUM         6.8   Bitdefender GravityZone < 3.3.8.272 - Server-Side Request Forgery in EPPUpdateService
CVE-2021-34425  MEDIUM         4.7   Zoom Meetings < 5.7.3 - Server-Side Request Forgery via Chat Link Preview
CVE-2021-39057  HIGH           8.1   IBM Spectrum Protect Plus 10.1.0-10.1.8.x - Authenticated Server-Side Request Forgery
CVE-2021-39935  MEDIUM    KEV  6.8   GitLab 10.5-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Unauthenticated Server-Side Request Forgery via CI Lint API
CVE-2021-37940  MEDIUM         6.8   Elastic Enterprise Search < 7.16.0 - Server-Side Request Forgery via GitHub Integration
CVE-2021-4075   HIGH           7.2   Snipe-IT < 6.0.0 - Server-Side Request Forgery
CVE-2021-40091  CRITICAL       9.8   SquaredUp < 5.3.1 - Server-Side Request Forgery
CVE-2021-29863  MEDIUM         4.3   IBM QRadar SIEM 7.3-7.4 - Authenticated Server-Side Request Forgery
CVE-2021-40809  HIGH           8.8   Jamf Pro < 10.32.0 - Privilege Escalation
CVE-2021-36327  MEDIUM         5.3   Dell EMC Streaming Data Platform < 1.3 - SSRF
CVE-2021-43296  HIGH           7.5   Zoho ManageEngine SupportCenter Plus < 11016 - SSRF