SYM_JSTS_0153 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Passing unvalidated user input directly to Playwright's goto() method lets an attacker control which URL the server-side browser loads. Because the request is issued by your server, this exposes your application to unintended or malicious requests made from its network position.
Impact
If exploited, an attacker could force your server to make requests to internal services or external sites, leading to data exposure, unauthorized actions, or use of your infrastructure in further attacks. This can compromise sensitive information and internal network security.
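The pattern described above, next to a hardened wrapper, as an added example that is not part of the original rule page or of Playwright. `ALLOWED_HOSTS`, `validateTarget` and `safeGoto` are hypothetical names, the host list is constructed, and `page` is assumed to be a Playwright Page of which only goto() is used.

```javascript
// Constructed allowlist (assumption): the only hosts this service should render.
const ALLOWED_HOSTS = new Set(["example.com", "docs.example.com"]);

// Returns the normalized URL string if navigation is permitted, otherwise null.
function validateTarget(rawUrl) {
  if (typeof rawUrl !== "string") return null;
  let url;
  try {
    url = new URL(rawUrl); // WHATWG parsing; also canonicalizes forms like 0x7f.1
  } catch {
    return null; // relative or malformed input
  }
  if (url.protocol !== "https:") return null;    // rejects file:, http:, data:, ...
  if (url.username || url.password) return null; // rejects https://trusted@other-host/
  if (url.port !== "") return null;              // default port (443) only
  // hostname is already lowercased; IP literals and localhost are simply not in the set.
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// Flagged pattern: user input reaches goto() unchecked.
//   await page.goto(req.query.url);

// Hardened wrapper: validate first, then navigate to the normalized URL.
async function safeGoto(page, rawUrl) {
  const target = validateTarget(rawUrl);
  if (target === null) {
    throw new Error("navigation target rejected");
  }
  return page.goto(target);
}
```

The check covers only the initial navigation: redirects issued by an allowlisted host are still followed by the browser, so the listed hosts must themselves be trusted not to redirect elsewhere.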