CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4641 vulnerabilities reference this CWE, most recent first.
GHSA-Q9PW-VMHH-384G
Vulnerability from github – Published: 2026-05-06 22:08 – Updated: 2026-05-12 13:33Summary
The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.
Details
The current PraisonAI project uses _validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks.
However, there are indeed differences in parsing between urlparse and the library that actually sends the request. Currently, almost all application scenarios in this project involve first using _validate_url for URL validation, and then using _get_session().get to send the request.
In reality, its underlying mechanism is requests.get.
The core issue: urlparse() and requests disagree on which host a URL like http://127.0.0.1:6666\@1.1.1.1 points to:
urlparse()treats\as a regular character and@as the userinfo-host delimiter, so it extracts hostname as1.1.1.1(public)requeststreats\as a path character, connecting to127.0.0.1(internal)
Below is a test code I wrote following the code.
import sys
from pathlib import Path
from pprint import pprint
sys.path.insert(0, str(Path(r"D:/BaiduNetdiskDownload/PraisonAI-main/PraisonAI-main/src/praisonai-agents")))
from praisonaiagents.tools import spider_tools
# url = "http://127.0.0.1:6666\@1.1.1.1"
url = "http://127.0.0.1:6666"
result = spider_tools.scrape_page(url)
if isinstance(result, dict) and "error" in result:
print("scrape failed:", result["error"])
else:
pprint(result)
When an attacker uses http://127.0.0.1:6666/, the existing detection logic can detect that this is an internal network address and block it.
However, when an attacker uses http://127.0.0.1:6666\@1.1.1.1, the detection logic resolves the host to 1.1.1.1, which is a public IP address, thus passing the verification. But in the actual request process, this URL is forwarded by requests.get to http://127.0.0.1:6666, bypassing the detection and achieving an SSRF attack.
PoC
http://127.0.0.1:6666\@1.1.1.1
Impact
SSRF
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.6.31"
},
"package": {
"ecosystem": "PyPI",
"name": "praisonaiagents"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.32"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44335"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T22:08:11Z",
"nvd_published_at": "2026-05-08T14:16:46Z",
"severity": "HIGH"
},
"details": "### Summary\nThe URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks.\n\n### Details\nThe current PraisonAI project uses _validate_url to validate the input URL. The main logic is to perform security checks on the host portion of the URL extracted by urlparse to prevent SSRF attacks.\n\n\u003cimg width=\"1290\" height=\"1145\" alt=\"QQ20260424-151256-24-1\" src=\"https://github.com/user-attachments/assets/d5f16b74-5ad2-444f-8600-b05f78a4b769\" /\u003e\n\nHowever, there are indeed differences in parsing between urlparse and the library that actually sends the request. Currently, almost all application scenarios in this project involve first using _validate_url for URL validation, and then using _get_session().get to send the request.\n\n\u003cimg width=\"1143\" height=\"740\" alt=\"QQ20260424-151437-24-2\" src=\"https://github.com/user-attachments/assets/b1bf6ec2-d32a-4dac-b814-da819e8d3c83\" /\u003e\n\nIn reality, its underlying mechanism is requests.get.\n\n\u003cimg width=\"1042\" height=\"576\" alt=\"QQ20260424-151645-24-3\" src=\"https://github.com/user-attachments/assets/e17352c3-4205-44d6-ab6e-75566480215b\" /\u003e\n\nThe core issue:\u00a0`urlparse()`\u00a0and\u00a0`requests`\u00a0disagree on which host a URL like\u00a0`http://127.0.0.1:6666\\@1.1.1.1`\u00a0points to:\n\n- `urlparse()`\u00a0treats\u00a0`\\`\u00a0as a regular character and\u00a0`@`\u00a0as the userinfo-host delimiter, so it extracts hostname as\u00a0`1.1.1.1`\u00a0(public)\n- `requests`\u00a0treats\u00a0`\\`\u00a0as a path character, connecting to\u00a0`127.0.0.1`\u00a0(internal)\n\nBelow is a test code I wrote following the code.\n\n```\nimport sys\nfrom pathlib import Path\nfrom pprint import pprint\n\nsys.path.insert(0, str(Path(r\"D:/BaiduNetdiskDownload/PraisonAI-main/PraisonAI-main/src/praisonai-agents\")))\n\nfrom praisonaiagents.tools import spider_tools\n\n# url = \"http://127.0.0.1:6666\\@1.1.1.1\"\nurl = \"http://127.0.0.1:6666\"\n\nresult = spider_tools.scrape_page(url)\n\nif isinstance(result, dict) and \"error\" in result:\n print(\"scrape failed:\", result[\"error\"])\nelse:\n pprint(result)\n```\nWhen an attacker uses `http://127.0.0.1:6666/`, the existing detection logic can detect that this is an internal network address and block it.\n\n\u003cimg width=\"1068\" height=\"128\" alt=\"QQ20260424-152007-24-4\" src=\"https://github.com/user-attachments/assets/294bff10-2af6-4960-bf69-dbf3340b1e9b\" /\u003e\n\nHowever, when an attacker uses `http://127.0.0.1:6666\\@1.1.1.1`, the detection logic resolves the host to `1.1.1.1`, which is a public IP address, thus passing the verification. But in the actual request process, this URL is forwarded by requests.get to `http://127.0.0.1:6666`, bypassing the detection and achieving an SSRF attack.\n\n\u003cimg width=\"2089\" height=\"324\" alt=\"QQ20260424-152123-24-5\" src=\"https://github.com/user-attachments/assets/4421ce42-e47b-48de-a97a-56ce56a2bbc9\" /\u003e\n\n### PoC\n```\nhttp://127.0.0.1:6666\\@1.1.1.1\n```\n\n### Impact\nSSRF",
"id": "GHSA-q9pw-vmhh-384g",
"modified": "2026-05-12T13:33:12Z",
"published": "2026-05-06T22:08:11Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/MervinPraison/PraisonAI/security/advisories/GHSA-q9pw-vmhh-384g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44335"
},
{
"type": "PACKAGE",
"url": "https://github.com/MervinPraison/PraisonAI"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "PraisonAI has an SSRF bypass"
}
GHSA-QC95-PWFH-96QQ
Vulnerability from github – Published: 2026-02-19 18:31 – Updated: 2026-02-19 18:31The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2025-12375"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-19T07:17:27Z",
"severity": "MODERATE"
},
"details": "The Printful Integration for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.11 via the advanced size chart REST API endpoint. This is due to insufficient validation of user-supplied URLs before passing them to the download_url() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary locations originating from the web application which can be used to query and modify information from internal services.",
"id": "GHSA-qc95-pwfh-96qq",
"modified": "2026-02-19T18:31:49Z",
"published": "2026-02-19T18:31:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-12375"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L259"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-rest-api-controller.php#L67"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L170"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/browser/printful-shipping-for-woocommerce/tags/2.2.11/includes/class-printful-size-guide.php#L210"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3439592%40printful-shipping-for-woocommerce\u0026new=3439592%40printful-shipping-for-woocommerce\u0026sfp_email=\u0026sfph_mail="
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4cb410aa-3941-4e19-8de4-622a94766ee8?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCJQ-V94F-PFGP
Vulnerability from github – Published: 2025-04-09 18:30 – Updated: 2026-04-01 18:34Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.
{
"affected": [],
"aliases": [
"CVE-2025-31009"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-09T17:15:33Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Jan Boddez IndieBlocks allows Server Side Request Forgery. This issue affects IndieBlocks: from n/a through 0.13.1.",
"id": "GHSA-qcjq-v94f-pfgp",
"modified": "2026-04-01T18:34:34Z",
"published": "2025-04-09T18:30:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-31009"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/indieblocks/vulnerability/wordpress-indieblocks-0-13-1-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QCPR-679Q-RHM2
Vulnerability from github – Published: 2025-10-28 17:45 – Updated: 2025-10-29 14:48Summary
This is a patch bypass of CVE-2025-58179 in commit 9ecf359. The fix blocks http://, https:// and //, but can be bypassed using backslashes (\) - the endpoint still issues a server-side fetch.
PoC
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "astro"
},
"ranges": [
{
"events": [
{
"introduced": "5.13.4"
},
{
"fixed": "5.13.10"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59837"
],
"database_specific": {
"cwe_ids": [
"CWE-79",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-10-28T17:45:04Z",
"nvd_published_at": "2025-10-28T20:15:49Z",
"severity": "HIGH"
},
"details": "### Summary\n\nThis is a patch bypass of CVE-2025-58179 in commit [9ecf359](https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252). The fix blocks `http://`, `https://` and `//`, but can be bypassed using backslashes (`\\`) - the endpoint still issues a server-side fetch.\n\n### PoC\n[https://astro.build/_image?href=\\\\raw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg\u0026f=svg](https://astro.build/_image?href=%5C%5Craw.githubusercontent.com/projectdiscovery/nuclei-templates/refs/heads/main/helpers/payloads/retool-xss.svg\u0026f=svg)",
"id": "GHSA-qcpr-679q-rhm2",
"modified": "2025-10-29T14:48:45Z",
"published": "2025-10-28T17:45:04Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/withastro/astro/security/advisories/GHSA-qcpr-679q-rhm2"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59837"
},
{
"type": "WEB",
"url": "https://github.com/withastro/astro/commit/1e2499e8ea83ebfa233a18a7499e1ccf169e56f4"
},
{
"type": "WEB",
"url": "https://github.com/withastro/astro/commit/9ecf3598e2b29dd74614328fde3047ea90e67252"
},
{
"type": "PACKAGE",
"url": "https://github.com/withastro/astro"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Astro\u0027s bypass of image proxy domain validation leads to SSRF and potential XSS"
}
GHSA-QCX6-WGPR-5GXC
Vulnerability from github – Published: 2022-04-08 00:00 – Updated: 2022-04-15 00:01Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.
{
"affected": [],
"aliases": [
"CVE-2020-27375"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-07T02:15:00Z",
"severity": "MODERATE"
},
"details": "Dr Trust USA iCheck Connect BP Monitor BP Testing 118 version 1.2.1 is vulnerable to Transmitting Write Requests and Chars.",
"id": "GHSA-qcx6-wgpr-5gxc",
"modified": "2022-04-15T00:01:04Z",
"published": "2022-04-08T00:00:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27375"
},
{
"type": "WEB",
"url": "https://drtrust.in/collections/dr-trust-blood-pressure-testing/products/dr-trust-usa-icheck-connect-bp-monitor"
},
{
"type": "WEB",
"url": "https://nvermaa.medium.com/cve-on-radio-technology-d-4b65efa1ba5c"
},
{
"type": "WEB",
"url": "http://dr.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF29-H8CG-2HG4
Vulnerability from github – Published: 2026-05-28 21:32 – Updated: 2026-05-28 21:32Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block.
{
"affected": [],
"aliases": [
"CVE-2026-49093"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-28T21:16:34Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (CWE-918) in Kibana can allow an authenticated user with connector management privileges to bypass the operator-configured connector allowlist, causing the Kibana server to issue outbound requests to destinations the egress controls were intended to block.",
"id": "GHSA-qf29-h8cg-2hg4",
"modified": "2026-05-28T21:32:07Z",
"published": "2026-05-28T21:32:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49093"
},
{
"type": "WEB",
"url": "https://discuss.elastic.co/t/kibana-9-3-3-security-update-esa-2026-40/386562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF3Q-9F3H-CJP9
Vulnerability from github – Published: 2024-08-05 21:29 – Updated: 2024-08-05 21:29NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "nextchat"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.11.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2023-49785"
],
"database_specific": {
"cwe_ids": [
"CWE-79",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-05T21:29:23Z",
"nvd_published_at": "2024-03-12T00:15:26Z",
"severity": "CRITICAL"
},
"details": "NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using HTTP POST, PUT, and other methods. Attackers can also use this vulnerability to mask their source IP by forwarding malicious traffic intended for other Internet targets through these open proxies. As of time of publication, no patch is available, but other mitigation strategies are available. Users may avoid exposing the application to the public internet or, if exposing the application to the internet, ensure it is an isolated network with no access to any other internal resources.",
"id": "GHSA-qf3q-9f3h-cjp9",
"modified": "2024-08-05T21:29:23Z",
"published": "2024-08-05T21:29:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-49785"
},
{
"type": "PACKAGE",
"url": "https://github.com/ChatGPTNextWeb/ChatGPT-Next-Web"
},
{
"type": "WEB",
"url": "https://www.horizon3.ai/attack-research/attack-blogs/nextchat-an-ai-chatbot-that-lets-you-talk-to-anyone-you-want-to"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint"
}
GHSA-QF5V-Q897-M77R
Vulnerability from github – Published: 2025-09-16 15:32 – Updated: 2025-09-16 15:32The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
{
"affected": [],
"aliases": [
"CVE-2025-59436"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-16T06:16:05Z",
"severity": "LOW"
},
"details": "The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.",
"id": "GHSA-qf5v-q897-m77r",
"modified": "2025-09-16T15:32:31Z",
"published": "2025-09-16T15:32:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59436"
},
{
"type": "WEB",
"url": "https://github.com/indutny/node-ip/issues/160"
},
{
"type": "WEB",
"url": "https://cosmosofcyberspace.github.io/CVE-Application-Document.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QF94-9355-3GFF
Vulnerability from github – Published: 2025-05-07 15:31 – Updated: 2026-04-01 18:35Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27.
{
"affected": [],
"aliases": [
"CVE-2025-47635"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-07T15:16:16Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in WPWebinarSystem WebinarPress allows Server Side Request Forgery. This issue affects WebinarPress: from n/a through 1.33.27.",
"id": "GHSA-qf94-9355-3gff",
"modified": "2026-04-01T18:35:04Z",
"published": "2025-05-07T15:31:47Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47635"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/wp-webinarsystem/vulnerability/wordpress-webinarpress-1-33-27-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QFM9-R3P9-8HCP
Vulnerability from github – Published: 2025-02-20 00:32 – Updated: 2025-02-20 00:32The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918)
Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not validate the Host header of incoming HTTP/HTTPS requests.
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.
{
"affected": [],
"aliases": [
"CVE-2024-37359"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-19T23:15:10Z",
"severity": "HIGH"
},
"details": "The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination. (CWE-918) \n\n\n\n\u00a0\n\n\n\nHitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not validate the Host header of incoming HTTP/HTTPS requests.\n\n\n\n\u00a0\n\n\n\nBy providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts in internal networks, use other URLs such as that can access documents on the system (using file://), or use other protocols such as gopher:// or tftp://, which may provide greater control over the contents of requests.",
"id": "GHSA-qfm9-r3p9-8hcp",
"modified": "2025-02-20T00:32:03Z",
"published": "2025-02-20T00:32:03Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37359"
},
{
"type": "WEB",
"url": "https://support.pentaho.com/hc/en-us/articles/34296789835917--Resolved-Hitachi-Vantara-Pentaho-Business-Analytics-Server-Server-Side-Request-Forgery-Versions-before-10-2-0-0-and-9-3-0-9-including-8-3-x-Impacted-CVE-2024-37359"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.