SYM_JSTS_0151 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Passing untrusted user input directly into Playwright's evaluate or evaluateHandle methods can allow attackers to execute arbitrary code in the browser context. The user data is then used as part of the script rather than as plain data, which could manipulate page behavior or access sensitive resources.
Impact
If exploited, attackers could make the server perform unwanted requests or interact with internal services (SSRF), potentially exposing internal data or enabling further attacks. This could compromise sensitive information or systems not intended to be accessible from the outside.
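
The flagged pattern next to a safer call, as an added example that is not part of the rule's own documentation. The function names, the selector allowlist and the recording stand-in for a Playwright page are assumptions made for illustration; only page.evaluate(pageFunction, arg) is Playwright's API.

```javascript
// Added example. `page` is any object exposing Playwright's
// page.evaluate(pageFunction, arg); all other names are hypothetical.

// Flagged pattern: user input is concatenated into the script string, so the
// input is parsed and executed as JavaScript in the browser context.
function countMatchesUnsafe(page, userSelector) {
  return page.evaluate(
    "document.querySelectorAll('" + userSelector + "').length"
  );
}

// Assumed allowlist for simple CSS selectors; adjust to what the app needs.
const SELECTOR_RE = /^[a-zA-Z0-9 .#_>-]{1,100}$/;

// Safer pattern: the script is a fixed function and the user value travels as
// a serialized argument, so inside the page it is only ever data.
function countMatchesSafe(page, userSelector) {
  if (typeof userSelector !== "string" || !SELECTOR_RE.test(userSelector)) {
    throw new TypeError("selector rejected by allowlist");
  }
  return page.evaluate(
    (selector) => document.querySelectorAll(selector).length,
    userSelector
  );
}

// Constructed stand-in for a Playwright page: records what evaluate()
// receives so the two calls can be compared without launching a browser.
function recordingPage() {
  const calls = [];
  return {
    calls,
    evaluate(pageFunction, arg) {
      calls.push({ pageFunction, arg });
      return Promise.resolve(0);
    },
  };
}

// Constructed input that closes the string literal and appends a statement.
const hostileInput = "a'); document.title = 'injected'; ('";
```

With the unsafe function the recorded script text contains the appended statement; with the safe one the same input is rejected, and an accepted selector reaches the page only as the second argument.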