SYM_JSTS_0039 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Medium |
Likelihood Level | Medium |
## Description
Passing untrusted user input straight to wkhtmltopdf from an Express handler, whether a URL to render or HTML that references URLs, lets an attacker choose what the server fetches. wkhtmltopdf renders pages with an embedded WebKit engine, so it follows the supplied URL, any redirects, and every `<iframe>`, `<img>` or `<link>` the fetched page references, all from the server's own network position. Hosts the attacker cannot reach directly (services bound to localhost, internal hostnames, cloud instance-metadata endpoints) become reachable, and because the fetched content is rendered into the PDF returned to the caller, the response bodies come back to the attacker rather than only an error or timing signal. Unless local file access is disabled (wkhtmltopdf's `--disable-local-file-access`; from 0.12.6 on it is off by default), the same flaw also reads `file://` paths.
## Impact
If exploited, an attacker can make the server request internal resources or arbitrary external sites and read the responses in the generated PDF. Typical outcomes are disclosure of internal service responses, cloud credentials or tokens from metadata endpoints, and local files where file access is enabled; anything learned can then be used to pivot further into the network. Because the requests originate from the application server, they also carry its network trust and appear in logs as the server's own traffic.