SYM_JSTS_0175 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Low |
Impact Level | Low |
Likelihood Level | Low |
Description
Passing untrusted user input directly to the wkhtmltoimage library allows attackers to control what resources the server accesses. This can lead to the server making unintended requests on behalf of the attacker.
Impact
If exploited, an attacker could trick the server into accessing internal services or sensitive resources, potentially exposing confidential data or enabling further attacks inside your network. This can result in data breaches or compromise of internal systems.
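The pattern described above, next to a hardened form, as an added example that is not part of the original rule page or of any project's code. The Express-style `req.query.url`, the allowlisted hostnames, and the `render` callback (a stand-in for the call that hands a target to wkhtmltoimage) are assumptions made for illustration.

```javascript
// Hosts this service is permitted to render (constructed sample values).
const ALLOWED_HOSTS = new Set(['reports.example.com', 'static.example.com']);

// Returns the normalized URL if it may be rendered, otherwise throws.
function checkRenderTarget(input, allowedHosts = ALLOWED_HOSTS) {
  if (typeof input !== 'string') {
    throw new Error('target must be a string');
  }
  let url;
  try {
    // Absolute URLs only: raw HTML and relative paths fail to parse here.
    url = new URL(input);
  } catch {
    throw new Error('target is not an absolute URL');
  }
  if (url.protocol !== 'https:') {
    throw new Error('scheme not allowed: ' + url.protocol);
  }
  if (url.username || url.password) {
    // Blocks "https://allowed-host@other-host/" style confusion.
    throw new Error('credentials in URL not allowed');
  }
  if (url.port) {
    // The URL parser strips the default port, so any value here is non-default.
    throw new Error('port not allowed: ' + url.port);
  }
  if (!allowedHosts.has(url.hostname)) {
    throw new Error('host not allowed: ' + url.hostname);
  }
  return url.href;
}

// Vulnerable shape: whatever the client sent reaches the renderer.
// `render` is a hypothetical wrapper around the wkhtmltoimage call.
function screenshotUnsafe(req, render) {
  return render(req.query.url);
}

// Hardened shape: only a parsed, allowlisted HTTPS URL reaches the renderer.
function screenshotSafe(req, render) {
  return render(checkRenderTarget(req.query.url));
}
```

The check covers only the initial URL; redirects and sub-resources loaded by an allowlisted page are fetched by the renderer itself, so outbound network restrictions on the rendering host are still needed.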