SYM_GO_0053 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | High |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The code constructs outgoing HTTP requests using user-supplied input as the URL host or base address. This allows attackers to control where requests are sent, creating a Server-Side Request Forgery (SSRF) risk.
Impact
If exploited, an attacker could make your server send requests to internal services or sensitive endpoints, potentially exposing private data or giving access to internal networks. This can lead to data leaks, unauthorized actions, or further attacks against your infrastructure.
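The flagged pattern next to one way to harden it, as an added example that is not part of this rule's page or the project's code; Go is assumed from the rule id prefix `SYM_GO`. The names `allowedHosts`, `unsafeRequest`, `safeRequest`, `blockInternal` and `newClient`, the host `api.example.com` and the path `/v1/status` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/url"
	"syscall"
	"time"
)

// Constructed allowlist; a real service would load its own upstream hosts.
var allowedHosts = map[string]bool{"api.example.com": true}

// Flagged pattern: the caller-controlled base decides where the server connects.
func unsafeRequest(base string) (*http.Request, error) {
	return http.NewRequest(http.MethodGet, base+"/v1/status", nil)
}

// safeRequest checks the parsed hostname, not the raw string, so userinfo and port tricks fail.
func safeRequest(base string) (*http.Request, error) {
	u, err := url.Parse(base)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" || u.User != nil || u.Port() != "" || !allowedHosts[u.Hostname()] {
		return nil, fmt.Errorf("destination %q not allowed", base)
	}
	return http.NewRequest(http.MethodGet, "https://"+u.Hostname()+"/v1/status", nil)
}

// blockInternal runs after DNS resolution, so an allowed name pointing inward is still refused.
func blockInternal(network, address string, _ syscall.RawConn) error {
	host, _, _ := net.SplitHostPort(address) // on a parse failure host is empty and refused below
	ip := net.ParseIP(host)
	if ip == nil || ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() || ip.IsUnspecified() {
		return fmt.Errorf("blocked destination %s", address)
	}
	return nil
}

// newClient wires the connect-time check into the HTTP transport used for outgoing calls.
func newClient() *http.Client {
	d := &net.Dialer{Timeout: 5 * time.Second, Control: blockInternal}
	return &http.Client{Timeout: 10 * time.Second, Transport: &http.Transport{DialContext: d.DialContext}}
}

func main() { fmt.Println(safeRequest("https://api.example.com@10.0.0.5")) }
```

The allowlist check and the connect-time check cover different cases: the first rejects unexpected hosts before a request is built, the second catches an allowed name whose DNS answer is an internal address.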