Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4625 vulnerabilities reference this CWE, most recent first.

GHSA-V6VR-JVVR-P4M5

Vulnerability from github – Published: 2022-08-11 00:00 – Updated: 2022-08-13 00:00
VLAI
Details

Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-2756"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-08-10T16:15:00Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) in GitHub repository kareadita/kavita prior to 0.5.4.1.",
  "id": "GHSA-v6vr-jvvr-p4m5",
  "modified": "2022-08-13T00:00:26Z",
  "published": "2022-08-11T00:00:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-2756"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kareadita/kavita/commit/9c31f7e7c81b919923cb2e3857439ec0d16243e4"
    },
    {
      "type": "WEB",
      "url": "https://huntr.dev/bounties/95e7c181-9d80-4428-aebf-687ac55a9216"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V73R-F3CX-PM99

Vulnerability from github – Published: 2023-12-16 12:30 – Updated: 2023-12-16 12:30
VLAI
Details

A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-6852"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-16T12:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical has been found in kalcaddle KodExplorer up to 4.51.03. Affected is an unknown function of the file plugins/webodf/app.php. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.52.01 is able to address this issue. The name of the patch is 5cf233f7556b442100cf67b5e92d57ceabb126c6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-248220.",
  "id": "GHSA-v73r-f3cx-pm99",
  "modified": "2023-12-16T12:30:16Z",
  "published": "2023-12-16T12:30:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-6852"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kalcaddle/KodExplorer/commit/5cf233f7556b442100cf67b5e92d57ceabb126c6"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kalcaddle/KodExplorer/releases/tag/4.52.01"
    },
    {
      "type": "WEB",
      "url": "https://note.zhaoj.in/share/P6lQNyqQn3zY"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.248220"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.248220"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V746-9WXC-9RC8

Vulnerability from github – Published: 2025-05-07 15:31 – Updated: 2026-04-01 18:35
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-47464"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-07T15:16:00Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in solacewp Solace Extra allows Server Side Request Forgery. This issue affects Solace Extra: from n/a through 1.3.1.",
  "id": "GHSA-v746-9wxc-9rc8",
  "modified": "2026-04-01T18:35:01Z",
  "published": "2025-05-07T15:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47464"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/wordpress/plugin/solace-extra/vulnerability/wordpress-solace-extra-1-3-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V77M-X7VQ-CW6F

Vulnerability from github – Published: 2025-03-03 06:30 – Updated: 2025-03-03 06:30
VLAI
Details

A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-1849"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-03-03T04:15:08Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability classified as critical was found in zj1983 zz up to 2024-8. Affected by this vulnerability is an unknown functionality of the file /import_data_todb. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
  "id": "GHSA-v77m-x7vq-cw6f",
  "modified": "2025-03-03T06:30:34Z",
  "published": "2025-03-03T06:30:34Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1849"
    },
    {
      "type": "WEB",
      "url": "https://github.com/caigo8/CVE-md/blob/main/zz/zz_import_data_todb_SSRF.md"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?ctiid.298117"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?id.298117"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/?submit.505346"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-V78R-CHCJ-PP8V

Vulnerability from github – Published: 2024-07-22 12:30 – Updated: 2024-07-22 12:30
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-37942"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-22T11:15:02Z",
    "severity": "HIGH"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.",
  "id": "GHSA-v78r-chcj-pp8v",
  "modified": "2024-07-22T12:30:37Z",
  "published": "2024-07-22T12:30:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37942"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/searchpro/wordpress-berqwp-plugin-1-7-5-unauthenticated-non-blind-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V79F-2PH6-GVM9

Vulnerability from github – Published: 2026-04-27 00:30 – Updated: 2026-04-27 00:30
VLAI
Details

A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-7065"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-27T00:16:20Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability has been found in BidingCC BuildingAI up to 26.0.1. Impacted is the function uploadRemoteFile of the file packages/core/src/modules/upload/services/file-storage.service.ts of the component Remote Upload API. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.",
  "id": "GHSA-v79f-2ph6-gvm9",
  "modified": "2026-04-27T00:30:27Z",
  "published": "2026-04-27T00:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7065"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BidingCC/BuildingAI/issues/110"
    },
    {
      "type": "WEB",
      "url": "https://github.com/BidingCC/BuildingAI"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/submit/798621"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359640"
    },
    {
      "type": "WEB",
      "url": "https://vuldb.com/vuln/359640/cti"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-V7GR-MQPJ-WWH3

Vulnerability from github – Published: 2024-08-09 18:21 – Updated: 2024-08-12 16:01
VLAI
Summary
CometVisu Backend for openHAB affected by SSRF/XSS
Details

The proxy endpoint of openHAB's CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery (SSRF) to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network.

Furthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) vulnerability, as an attacker is able to re-route a request to their server and return a page with malicious JavaScript code. Since the browser receives this data directly from the openHAB CometVisu UI, this JavaScript code will be executed with the origin of the CometVisu UI. This allows an attacker to exploit call endpoints on an openHAB server even if the openHAB server is located in a private network. (e.g. by sending an openHAB admin a link that proxies malicious JavaScript.)

This vulnerability was discovered with the help of CodeQL's Server-side request forgery query.

Impact

This issue may lead up to Remote Code Execution (RCE) when chained with other vulnerabilities (see: GHSL-2024-007).

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.2.0"
      },
      "package": {
        "ecosystem": "Maven",
        "name": "org.openhab.ui.bundles:org.openhab.ui.cometvisu"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-42467"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-08-09T18:21:07Z",
    "nvd_published_at": "2024-08-12T13:38:34Z",
    "severity": "HIGH"
  },
  "details": "The [proxy endpoint](https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/backend/rest/ProxyResource.java#L83) of openHAB\u0027s CometVisu add-on can be accessed without authentication. This proxy-feature can be exploited as Server-Side Request Forgery (SSRF) to induce GET HTTP requests to internal-only servers, in case openHAB is exposed in a non-private network.\n\nFurthermore, this proxy-feature can also be exploited as a Cross-Site Scripting (XSS) vulnerability, as an attacker is able to re-route a request to their server and return a page with malicious JavaScript code. Since the browser receives this data directly from the openHAB CometVisu UI, this JavaScript code will be executed with the origin of the CometVisu UI. This allows an attacker to exploit call endpoints on an openHAB server even if the openHAB server is located in a private network. (e.g. by sending an openHAB admin a link that proxies malicious JavaScript.)\n\nThis vulnerability was discovered with the help of CodeQL\u0027s [Server-side request forgery](https://codeql.github.com/codeql-query-help/java/java-ssrf/) query.\n\n## Impact\n\nThis issue may lead up to Remote Code Execution (RCE) when chained with other vulnerabilities (see: GHSL-2024-007).",
  "id": "GHSA-v7gr-mqpj-wwh3",
  "modified": "2024-08-12T16:01:01Z",
  "published": "2024-08-09T18:21:07Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openhab/openhab-webui/security/advisories/GHSA-v7gr-mqpj-wwh3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42467"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openhab/openhab-webui/commit/630e8525835c698cf58856aa43782d92b18087f2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openhab/openhab-webui"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openhab/openhab-webui/blob/1c03c60f84388b9d7da0231df2d4ebb1e17d3fcf/bundles/org.openhab.ui.cometvisu/src/main/java/org/openhab/ui/cometvisu/internal/backend/rest/ProxyResource.java#L83"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "CometVisu Backend for openHAB affected by SSRF/XSS"
}

GHSA-V7Q5-M92R-6WC2

Vulnerability from github – Published: 2023-08-01 15:30 – Updated: 2024-04-04 06:28
VLAI
Details

rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-39109"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-08-01T14:15:10Z",
    "severity": "HIGH"
  },
  "details": "rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.",
  "id": "GHSA-v7q5-m92r-6wc2",
  "modified": "2024-04-04T06:28:15Z",
  "published": "2023-08-01T15:30:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-39109"
    },
    {
      "type": "WEB",
      "url": "https://github.com/zer0yu/CVE_Request/blob/master/rConfig/rConfig_path_a.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V82V-RQ72-PHQ9

Vulnerability from github – Published: 2022-01-26 22:13 – Updated: 2022-01-31 22:00
VLAI
Summary
Server side request forgery in @isomorphic-git/cors-proxy
Details

The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@isomorphic-git/cors-proxy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.7.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-23664"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-01-24T22:53:26Z",
    "nvd_published_at": "2022-01-21T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js.",
  "id": "GHSA-v82v-rq72-phq9",
  "modified": "2022-01-31T22:00:02Z",
  "published": "2022-01-26T22:13:05Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23664"
    },
    {
      "type": "WEB",
      "url": "https://github.com/isomorphic-git/cors-proxy/commit/1b1c91e71d946544d97ccc7cf0ac62b859e03311"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/isomorphic-git/cors-proxy"
    },
    {
      "type": "WEB",
      "url": "https://snyk.io/vuln/SNYK-JS-ISOMORPHICGITCORSPROXY-1734788"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server side request forgery in @isomorphic-git/cors-proxy"
}

GHSA-V8F7-CG9P-W5JX

Vulnerability from github – Published: 2026-04-10 21:31 – Updated: 2026-06-08 12:50
VLAI
Summary
Duplicate Advisory: GeoNode contains a server-side request forgery vulnerability in the service registration endpoint
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-hw9r-6m78-w6h3. This link is maintained to preserve external references.

Original Description

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "geonode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.0"
            },
            {
              "fixed": "4.4.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "geonode"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-08T12:50:43Z",
    "nvd_published_at": "2026-04-10T20:16:22Z",
    "severity": "MODERATE"
  },
  "details": "### Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-hw9r-6m78-w6h3. This link is maintained to preserve external references.\n\n### Original Description\nGeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement.",
  "id": "GHSA-v8f7-cg9p-w5jx",
  "modified": "2026-06-08T12:50:43Z",
  "published": "2026-04-10T21:31:15Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/security/advisories/GHSA-hw9r-6m78-w6h3"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-39922"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/releases/tag/4.4.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/GeoNode/geonode/releases/tag/5.0.2"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/geonode-ssrf-via-service-registration"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Duplicate Advisory: GeoNode contains a server-side request forgery vulnerability in the service registration endpoint",
  "withdrawn": "2026-06-08T12:50:43Z"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.