SYM_JSTS_0139 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Low |
| Impact Level | Low |
| Likelihood Level | Low |
Description
Passing untrusted or unvalidated user input directly to Puppeteer's `page.goto()` method lets an attacker choose which URLs the server-side browser requests. This exposes the application to SSRF whenever it handles external or user-supplied links.
Impact
If exploited, an attacker could force your server to make requests to internal services or malicious websites, potentially accessing sensitive data, performing unauthorized actions, or using your resources to stage further attacks. This can lead to data leaks, service disruption, or exposure of internal infrastructure.
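The mitigation the description implies is to validate the URL before it ever reaches `page.goto()`. The following is an added example, not code from the Symbiotic database or from Puppeteer: `validateTargetUrl` applies an exact-match host allowlist plus scheme, credential and IP-literal checks, and `navigateSafely` (a hypothetical wrapper name) uses Puppeteer's request interception so the same policy also covers redirects and subresources. `ALLOWED_HOSTS` is a constructed placeholder.

```javascript
// Added example (not code from the Symbiotic vulnerability database or from
// Puppeteer): validate a user-supplied URL before it reaches page.goto(), and
// vet every request the page then makes. ALLOWED_HOSTS is a constructed
// placeholder; put the hosts your service is actually meant to render here.
const ALLOWED_HOSTS = new Set(['example.com', 'docs.example.com']);

const IPV4_LITERAL = /^\d{1,3}(\.\d{1,3}){3}$/;

// Validates an untrusted URL string. Returns the normalized URL on success,
// or null when the server-side browser must not fetch it.
function validateTargetUrl(input) {
  let url;
  try {
    url = new URL(String(input)); // WHATWG parser: rejects relative or garbage input
  } catch {
    return null;
  }
  // Only plain web schemes; this excludes file:, javascript:, data: and the like.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Embedded credentials make "allowed-host@" look like the host to a naive check.
  if (url.username !== '' || url.password !== '') return null;
  const host = url.hostname.toLowerCase();
  // Reject IP literals outright. The parser normalizes forms such as
  // 0x7f000001 or 2130706433 to dotted-quad; IPv6 literals keep their brackets.
  if (IPV4_LITERAL.test(host) || host.startsWith('[')) return null;
  if (host === 'localhost' || host.endsWith('.localhost')) return null;
  // Exact-match allowlist: "example.com.attacker.test" is not example.com.
  if (!ALLOWED_HOSTS.has(host)) return null;
  return url.toString();
}

// Navigates a Puppeteer page to a validated URL. Request interception applies
// the same rule to redirects and subresources, so an allowed page cannot
// bounce the browser to an internal address. `page` is a Puppeteer Page (or
// any object exposing the same setRequestInterception/on/goto methods).
async function navigateSafely(page, input) {
  const target = validateTargetUrl(input);
  if (target === null) {
    throw new Error('navigation target rejected by URL policy');
  }
  await page.setRequestInterception(true);
  page.on('request', (request) => {
    if (validateTargetUrl(request.url()) === null) {
      request.abort();
    } else {
      request.continue();
    }
  });
  return page.goto(target);
}
```

Applying the allowlist to intercepted requests, not just to the initial navigation, is what closes the redirect hole; the trade-off is that pages pulling assets from third-party CDNs will render without them unless those hosts are added to the allowlist. A denylist of private ranges alone is weaker, because it has to anticipate every host-name and encoding trick the parser accepts.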