SYM_PY_0210 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Medium |
Description
User-supplied data from a web request is used directly to build the URL for an outgoing server-side HTTP request. This lets an attacker control where your server connects, which is unsafe unless the destination is validated before the request is sent.
Impact
If exploited, an attacker could make your server send requests to internal services or arbitrary external sites, potentially exposing sensitive data, enabling attacks on internal infrastructure, or using your server as a proxy for further attacks. This can lead to data breaches, service disruptions, or unauthorized access to internal resources.
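The flagged pattern next to a validated alternative, as an added example (not code from the Symbiotic rule or database). The allowlist contents, the `/v1/status` path and all function names are assumptions made for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Assumption: hypothetical allowlist of upstream hosts this service may call.
ALLOWED_HOSTS = {"api.example.com"}


def build_url_unsafe(host):
    """Flagged pattern: request data decides where the server connects."""
    return f"https://{host}/v1/status"


def _resolve(host):
    """Default resolver: every address the name currently maps to."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def validate_outbound_url(url, resolve=_resolve):
    """Return url unchanged if it may be fetched, else raise ValueError.

    `resolve` is injectable so the check can be exercised without DNS.
    """
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise ValueError("scheme not allowed")
    # Userinfo makes the real host easy to misread, so refuse it outright.
    if parts.username or parts.password:
        raise ValueError("userinfo not allowed")
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError("host not on allowlist")
    # An allowlisted name must still not point at internal address space
    # (loopback, RFC 1918, link-local and similar ranges are not global).
    for addr in resolve(host):
        if not ipaddress.ip_address(addr).is_global:
            raise ValueError(f"{host} resolves to non-public address {addr}")
    return url
```

The HTTP client resolves the name again when it connects and may follow redirects, so disable automatic redirects or run each redirect target through the same check.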