SYM_JAVA_0020 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | High |
| Likelihood Level | Low |
Description
User input or external parameters are passed directly to WSClient for outbound HTTP requests, allowing attackers to control the request destination. This can enable attackers to access arbitrary or internal network resources from your server.
Impact
If exploited, attackers could make your server send requests to internal services or malicious endpoints, potentially exposing sensitive data, accessing restricted resources, or enabling further attacks like internal network probing or data exfiltration. This could lead to data breaches or compromise of internal infrastructure.
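The flagged pattern next to a checked form, as an added example that is not taken from the wiki or from any project's code. It assumes the Play Framework Java `play.libs.ws.WSClient`; the class name `PreviewFetcher`, the `ALLOWED_HOSTS` set and the `example.com` hostnames are hypothetical.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.CompletionStage;
import play.libs.ws.WSClient;
import play.libs.ws.WSResponse;

public class PreviewFetcher {
    // Assumption: the only hosts this feature ever needs to reach.
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com", "cdn.example.com");
    private final WSClient ws;

    public PreviewFetcher(WSClient ws) { this.ws = ws; }

    // Flagged pattern: the caller-supplied string chooses the destination.
    public CompletionStage<WSResponse> fetchUnsafe(String userUrl) {
        return ws.url(userUrl).get();
    }

    // Checked form: validate before the request is built, and do not follow
    // redirects, so an allowed host cannot bounce the request elsewhere.
    public CompletionStage<WSResponse> fetchChecked(String userUrl) throws UnknownHostException {
        URI target = requireAllowed(userUrl);
        return ws.url(target.toString()).setFollowRedirects(false).get();
    }

    static URI requireAllowed(String raw) throws UnknownHostException {
        URI uri = URI.create(raw).normalize(); // IllegalArgumentException on malformed input
        String host = uri.getHost();           // null for opaque or unparsable authorities
        if (!"https".equalsIgnoreCase(uri.getScheme()) || host == null
                || uri.getUserInfo() != null
                || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("destination not allowed");
        }
        // Defence in depth only: WSClient resolves the name again when it connects, so the
        // allowlist is the primary control. IPv6 unique-local (fc00::/7) is not covered here.
        for (InetAddress a : InetAddress.getAllByName(host)) {
            if (a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress()
                    || a.isAnyLocalAddress() || a.isMulticastAddress()) {
                throw new IllegalArgumentException("destination resolves to an internal address");
            }
        }
        return uri;
    }
}
```

Network-level egress filtering on the application server complements this check, since it also covers requests made by code paths the validator does not see.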