SYM_PY_0146 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
# Server-Side Request Forgery (SSRF)

| Property | Value |
|---|---|
| Language | |
| Severity | |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | High |
| Likelihood Level | Medium |
## Description

The code uses unvalidated input from HTTP request data (such as query parameters or form fields) to build new outgoing requests with the `requests` library. Because the caller controls the destination of the server-side request, the application is exposed to SSRF.
## Impact

If exploited, attackers could make the server access internal or external systems, potentially bypassing firewalls, exposing sensitive data, or enabling further attacks. This can compromise internal infrastructure, leak data, or serve as a pivot point for more severe intrusions.
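The flagged pattern is a handler that passes request data straight to the HTTP client, for example `requests.get(request.args["url"])`. The following is an added example (not code from the Symbiotic database) of the hardened form: the user-supplied URL is checked against an allowlist of schemes, hosts and ports, IP literals and embedded credentials are rejected, and redirects are disabled so an allowed host cannot bounce the request elsewhere. The hosts in `ALLOWED_HOSTS` are constructed placeholders.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist (assumption): the only hosts this service may call.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}  # None means the scheme's default port


class UnsafeUrlError(ValueError):
    """Raised when a user-supplied URL fails the outbound policy."""


def validate_outbound_url(raw_url: str) -> str:
    """Return a normalised URL if it meets the policy, otherwise raise."""
    parts = urlsplit(raw_url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise UnsafeUrlError(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeUrlError("credentials in URL are not allowed")
    host = parts.hostname  # lower-cased, userinfo and port stripped
    if not host:
        raise UnsafeUrlError("missing host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal; go on to the host allowlist
    else:
        raise UnsafeUrlError("IP literals are not allowed")
    if host not in ALLOWED_HOSTS:
        raise UnsafeUrlError(f"host not in allowlist: {host!r}")
    if parts.port not in ALLOWED_PORTS:
        raise UnsafeUrlError(f"port not allowed: {parts.port!r}")
    # Rebuild from the validated parts and drop the fragment.
    return urlunsplit((parts.scheme.lower(), host, parts.path or "/", parts.query, ""))


def is_allowed(raw_url: str) -> bool:
    """Boolean form of the policy, convenient for logging or unit tests."""
    try:
        validate_outbound_url(raw_url)
    except ValueError:  # covers UnsafeUrlError and urlsplit's own errors
        return False
    return True


def hardened_proxy(user_supplied_url, fetch=None):
    """Validate first, then fetch with redirects disabled and a timeout."""
    safe_url = validate_outbound_url(user_supplied_url)
    if fetch is None:
        import requests  # deferred so the policy is testable offline
        fetch = lambda url: requests.get(url, timeout=5, allow_redirects=False)
    return fetch(safe_url)
```

A hostname allowlist is preferable to a denylist of private ranges, since the latter is bypassed by DNS names that resolve to internal addresses at request time.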