CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4606 vulnerabilities reference this CWE, most recent first.
GHSA-W62C-5624-MCPG
Vulnerability from github – Published: 2022-05-14 02:59 – Updated: 2022-05-14 02:59Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.
{
"affected": [],
"aliases": [
"CVE-2018-5006"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-20T19:29:00Z",
"severity": "HIGH"
},
"details": "Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.",
"id": "GHSA-w62c-5624-mcpg",
"modified": "2022-05-14T02:59:17Z",
"published": "2022-05-14T02:59:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5006"
},
{
"type": "WEB",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-23.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104702"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W62P-CM3C-7RFC
Vulnerability from github – Published: 2025-05-23 21:31 – Updated: 2025-05-23 21:31A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.
{
"affected": [],
"aliases": [
"CVE-2025-48739"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-23T20:15:25Z",
"severity": "MODERATE"
},
"details": "A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific API endpoints) to manipulate URLs to direct requests to unexpected hosts or ports. This allows the attacker to use a TheHive server as a proxy to reach internal or otherwise restricted resources. This could be exploited to access other servers on the internal network.",
"id": "GHSA-w62p-cm3c-7rfc",
"modified": "2025-05-23T21:31:12Z",
"published": "2025-05-23T21:31:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48739"
},
{
"type": "WEB",
"url": "https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2025-002.md"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W689-557M-2CVQ
Vulnerability from github – Published: 2022-06-03 15:35 – Updated: 2022-06-03 15:35Impact
The malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected.
Patches
Webhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network addresses. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.
Workarounds
Run Gogs in its own private network.
References
https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d/
For more information
If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6901.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "gogs.io/gogs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-1285"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-06-03T15:35:32Z",
"nvd_published_at": "2022-06-01T06:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\nThe malicious user is able to discover services in the internal network through webhook functionality. All installations accepting public traffic are affected.\n\n### Patches\n\nWebhook payload URLs are revalidated before each delivery to make sure they are not resolved to blocked local network addresses. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.\n\n### Workarounds\n\nRun Gogs in its own private network.\n\n### References\n\nhttps://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d/\n\n### For more information\n\nIf you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/6901.\n",
"id": "GHSA-w689-557m-2cvq",
"modified": "2022-06-03T15:35:32Z",
"published": "2022-06-03T15:35:32Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-w689-557m-2cvq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-1285"
},
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
},
{
"type": "PACKAGE",
"url": "https://github.com/gogs/gogs"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": "Server-Side Request Forgery in gogs webhook"
}
GHSA-W69P-F797-2JF5
Vulnerability from github – Published: 2024-01-08 09:30 – Updated: 2024-01-08 09:30A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.
{
"affected": [],
"aliases": [
"CVE-2024-0304"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-08T08:15:36Z",
"severity": "MODERATE"
},
"details": "A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.",
"id": "GHSA-w69p-f797-2jf5",
"modified": "2024-01-08T09:30:34Z",
"published": "2024-01-08T09:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0304"
},
{
"type": "WEB",
"url": "https://note.zhaoj.in/share/3jF3Xpl3ttlZ"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.249871"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.249871"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-W6C2-26PJ-HPQ6
Vulnerability from github – Published: 2022-03-15 00:01 – Updated: 2022-03-19 00:01The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have 'can add repository permission', to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
{
"affected": [],
"aliases": [
"CVE-2021-43954"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-03-14T02:15:00Z",
"severity": "MODERATE"
},
"details": "The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have \u0027can add repository permission\u0027, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.",
"id": "GHSA-w6c2-26pj-hpq6",
"modified": "2022-03-19T00:01:10Z",
"published": "2022-03-15T00:01:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-43954"
},
{
"type": "WEB",
"url": "https://jira.atlassian.com/browse/CRUC-8520"
},
{
"type": "WEB",
"url": "https://jira.atlassian.com/browse/FE-7384"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W6MV-QPWP-2H37
Vulnerability from github – Published: 2026-07-01 18:31 – Updated: 2026-07-01 18:31NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-24242"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-01T16:16:44Z",
"severity": "HIGH"
},
"details": "NVIDIA Megatron Bridge for Linux contains a vulnerability where an attacker could cause server-side request forgery. A successful exploit of this vulnerability might lead to information disclosure.",
"id": "GHSA-w6mv-qpwp-2h37",
"modified": "2026-07-01T18:31:47Z",
"published": "2026-07-01T18:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24242"
},
{
"type": "WEB",
"url": "https://github.com/NVIDIA/product-security/tree/main/2026/5841"
},
{
"type": "WEB",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-24242"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-W6PM-7X44-M335
Vulnerability from github – Published: 2023-08-22 21:30 – Updated: 2024-10-29 21:30A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an unauthenticated remote attacker to conduct a server-side request forgery (SSRF) attack. A successful exploit allows an attacker to enumerate information about the internal structure of the EdgeConnect SD-WAN Orchestrator host leading to potential disclosure of sensitive information.
{
"affected": [],
"aliases": [
"CVE-2023-37440"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-22T19:16:38Z",
"severity": "MODERATE"
},
"details": "A vulnerability in the web-based management interface\u00a0of EdgeConnect SD-WAN Orchestrator could allow an\u00a0unauthenticated remote attacker to conduct a server-side\u00a0request forgery (SSRF) attack. A successful exploit allows\u00a0an attacker to enumerate information about the internal\n\u00a0 \u00a0 structure of the EdgeConnect SD-WAN Orchestrator host leading\u00a0to potential disclosure of sensitive information.\n\n",
"id": "GHSA-w6pm-7x44-m335",
"modified": "2024-10-29T21:30:43Z",
"published": "2023-08-22T21:30:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37440"
},
{
"type": "WEB",
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W6Q8-88PH-G9VQ
Vulnerability from github – Published: 2024-08-13 21:31 – Updated: 2024-08-13 21:31A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2024-7743"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-13T21:15:17Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in wanglongcn ltcms 1.0.20. It has been declared as critical. Affected by this vulnerability is the function downloadUrl of the file /api/file/downloadUrl of the component API Endpoint. The manipulation of the argument file leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-w6q8-88ph-g9vq",
"modified": "2024-08-13T21:31:56Z",
"published": "2024-08-13T21:31:56Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7743"
},
{
"type": "WEB",
"url": "https://github.com/DeepMountains/Mirage/blob/main/CVE14-4.md"
},
{
"type": "WEB",
"url": "https://vuldb.com/?ctiid.274363"
},
{
"type": "WEB",
"url": "https://vuldb.com/?id.274363"
},
{
"type": "WEB",
"url": "https://vuldb.com/?submit.386435"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-W6R8-2M56-2CWG
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2024-02-26 18:30The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2024-1758"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T16:27:53Z",
"severity": "MODERATE"
},
"details": "The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-w6r8-2m56-2cwg",
"modified": "2024-02-26T18:30:30Z",
"published": "2024-02-26T18:30:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1758"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/woocommerce-superfaktura/trunk/class-wc-superfaktura.php#L3418"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040372%40woocommerce-superfaktura\u0026new=3040372%40woocommerce-superfaktura\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-W6VH-49P9-J7C9
Vulnerability from github – Published: 2024-04-10 00:30 – Updated: 2024-04-10 00:30Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.
{
"affected": [],
"aliases": [
"CVE-2023-40148"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-10T00:15:09Z",
"severity": "MODERATE"
},
"details": "Server-side request forgery (SSRF) in PingFederate allows unauthenticated http requests to attack network resources and consume server-side resources via forged HTTP POST requests.\n",
"id": "GHSA-w6vh-49p9-j7c9",
"modified": "2024-04-10T00:30:29Z",
"published": "2024-04-10T00:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40148"
},
{
"type": "WEB",
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/tuj1708533127032"
},
{
"type": "WEB",
"url": "https://www.pingidentity.com/en/resources/downloads/pingfederate/previous-releases.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.