SYM_RB_0046 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Server-Side Request Forgery (SSRF)
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-918: Server-Side Request Forgery (SSRF) |
OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
Confidence Level | Medium |
Impact Level | Medium |
Likelihood Level | Medium |
Description
The application uses user-supplied input (like params, cookies, or request headers) to build HTTP requests without validation. This allows attackers to control the destination or content of outbound requests from your server.
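As an added illustration (not code from the rule database), the sketch below shows one way to validate a user-supplied URL before the server fetches it. Ruby is assumed from the "RB" in the rule identifier. The allowlisted hosts, the sample addresses and the injectable `resolver` parameter are constructed for the example.

```ruby
require "uri"
require "ipaddr"
require "resolv"

# Vulnerable pattern the description refers to (shown only as a comment):
#   Net::HTTP.get(URI(params[:url]))   # destination comes straight from the request

ALLOWED_SCHEMES = %w[https].freeze
ALLOWED_HOSTS   = %w[api.example.com images.example.com].freeze # constructed allowlist

# Address ranges a server-side fetch should not reach (loopback, private, link-local).
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_ip?(ip_string)
  ip = IPAddr.new(ip_string)
  ip = ip.native if ip.ipv4_mapped? # treat ::ffff:127.0.0.1 as 127.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::Error
  true # fail closed on anything that is not a parseable address
end

# Returns [allowed, reason]. The resolver is injectable so the example runs offline.
def check_outbound_url(raw, resolver: ->(host) { Resolv.getaddresses(host) })
  uri = URI.parse(raw.to_s)
  return [false, "scheme not allowed"] unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
  return [false, "userinfo not allowed"] if uri.userinfo

  host = uri.hostname.to_s.downcase
  return [false, "host not on allowlist"] unless ALLOWED_HOSTS.include?(host)

  addrs = resolver.call(host)
  return [false, "host did not resolve"] if addrs.empty?
  return [false, "resolves to internal address"] if addrs.any? { |a| blocked_ip?(a) }

  [true, "ok"]
rescue URI::InvalidURIError
  [false, "unparseable URL"]
end

if __FILE__ == $PROGRAM_NAME
  public_dns = ->(_host) { ["203.0.113.10"] } # constructed resolver answer
  ["https://api.example.com/v1/items", "http://api.example.com/", "https://intranet.local/"].each do |u|
    puts "#{u} => #{check_outbound_url(u, resolver: public_dns).inspect}"
  end
end
```

The check only helps if the request then goes to the address that was validated, and if redirects are either disabled or passed through the same check before being followed.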
Impact
An attacker could trick your server into making unintended requests to internal or external systems, potentially exposing sensitive data, accessing internal resources, or being used as a proxy for malicious activity. This can lead to data breaches, unauthorized access, or service misuse.