CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4638 vulnerabilities reference this CWE, most recent first.
GHSA-R55G-VW99-WW9P
Vulnerability from github – Published: 2025-07-25 15:30 – Updated: 2025-07-25 15:30Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function.
{
"affected": [],
"aliases": [
"CVE-2025-45939"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-25T14:15:34Z",
"severity": "MODERATE"
},
"details": "Apwide Golive 10.2.0 Jira plugin allows Server-Side Request Forgery (SSRF) via the test webhook function.",
"id": "GHSA-r55g-vw99-ww9p",
"modified": "2025-07-25T15:30:53Z",
"published": "2025-07-25T15:30:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45939"
},
{
"type": "WEB",
"url": "https://golive.apwide.com/doc/latest/server-data-center/2025-06-06"
},
{
"type": "WEB",
"url": "http://golive.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-R5GX-C49X-H878
Vulnerability from github – Published: 2025-03-11 21:31 – Updated: 2025-03-11 21:31Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rembg"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.0.57"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-25301"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2025-03-11T21:31:01Z",
"nvd_published_at": "2025-03-03T17:15:14Z",
"severity": "MODERATE"
},
"details": "Rembg is a tool to remove images background. In Rembg 2.0.57 and earlier, the /api/remove endpoint takes a URL query parameter that allows an image to be fetched, processed and returned. An attacker may be able to query this endpoint to view pictures hosted on the internal network of the rembg server. This issue may lead to Information Disclosure.",
"id": "GHSA-r5gx-c49x-h878",
"modified": "2025-03-11T21:31:02Z",
"published": "2025-03-11T21:31:01Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-25301"
},
{
"type": "PACKAGE",
"url": "https://github.com/danielgatis/rembg"
},
{
"type": "ADVISORY",
"url": "https://securitylab.github.com/advisories/GHSL-2024-161_GHSL-2024-162_rembg"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
],
"summary": "Rembg allows SSRF via /api/remove"
}
GHSA-R5HC-WM3G-HJW6
Vulnerability from github – Published: 2022-03-01 22:01 – Updated: 2022-03-18 20:42Impact
Releases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname.
Patches
3.0.2 contains a fix for this vulnerability. (The 1.x and 2.x releases are not maintained anymore.)
Part of the fix requires applying a patch to youtube-dl to prevent it from following HTTP redirects. If you are using the version of youtube-dl bundled with 3.0.2, it is already patched. However, if you are using your own unpatched version of youtube-dl you might still be vulnerable.
References
- https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d
- https://github.com/Rudloff/alltube/commit/1b099bb9836a3ce7c427a41722a7ab5a3d1c1b2d
- https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903/
- https://nvd.nist.gov/vuln/detail/CVE-2022-0768
- https://github.com/ytdl-org/youtube-dl/issues/30691
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "rudloff/alltube"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.0.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-0768"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-01T22:01:30Z",
"nvd_published_at": "2022-02-28T10:15:00Z",
"severity": "CRITICAL"
},
"details": "### Impact\nReleases prior to 3.0.2 are vulnerable to a Server-Side Request Forgery vulnerability that allows an attacker to send a request to an internal hostname.\n\n### Patches\n3.0.2 contains a fix for this vulnerability.\n(The 1.x and 2.x releases are not maintained anymore.)\n\nPart of the fix requires applying [a patch](https://github.com/Rudloff/alltube/blob/148a171b240e7ceb076b9e198bef412de14ac55d/patches/youtube-dl-redirect.diff) to youtube-dl to prevent it from following HTTP redirects. If you are using the version of youtube-dl bundled with 3.0.2, it is already patched.\nHowever, if you are using your own unpatched version of youtube-dl **you might still be vulnerable**.\n\n### References\n* https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d\n* https://github.com/Rudloff/alltube/commit/1b099bb9836a3ce7c427a41722a7ab5a3d1c1b2d\n* https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903/\n* https://nvd.nist.gov/vuln/detail/CVE-2022-0768\n* https://github.com/ytdl-org/youtube-dl/issues/30691",
"id": "GHSA-r5hc-wm3g-hjw6",
"modified": "2022-03-18T20:42:54Z",
"published": "2022-03-01T22:01:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/Rudloff/alltube/security/advisories/GHSA-r5hc-wm3g-hjw6"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0768"
},
{
"type": "WEB",
"url": "https://github.com/Rudloff/alltube/commit/3a4f09dda0a466662a4e52cde674749e0c668e8d"
},
{
"type": "WEB",
"url": "https://github.com/rudloff/alltube/commit/148a171b240e7ceb076b9e198bef412de14ac55d"
},
{
"type": "WEB",
"url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/rudloff/alltube/CVE-2022-0768.yaml"
},
{
"type": "WEB",
"url": "https://github.com/Rudloff/alltube"
},
{
"type": "WEB",
"url": "https://huntr.dev/bounties/9b14cc46-ec08-4940-83cc-9f986b2a5903"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server-Side Request Forgery (SSRF) in rudloff/alltube"
}
GHSA-R5M6-HX76-J96R
Vulnerability from github – Published: 2024-06-03 09:30 – Updated: 2026-04-01 18:31Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.
{
"affected": [],
"aliases": [
"CVE-2024-35637"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-06-03T09:15:09Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6.",
"id": "GHSA-r5m6-hx76-j96r",
"modified": "2026-04-01T18:31:47Z",
"published": "2024-06-03T09:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-35637"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/Wordpress/Plugin/church-admin/vulnerability/wordpress-church-admin-plugin-4-3-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-3-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R5V8-C28H-F8R8
Vulnerability from github – Published: 2026-04-12 03:30 – Updated: 2026-04-14 20:04A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "metagpt"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.8.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-6111"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-04-14T20:04:19Z",
"nvd_published_at": "2026-04-12T03:16:08Z",
"severity": "LOW"
},
"details": "A security flaw has been discovered in FoundationAgents MetaGPT up to 0.8.2. This impacts the function decode_image of the file metagpt/utils/common.py. The manipulation of the argument img_url_or_b64 results in server-side request forgery. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.",
"id": "GHSA-r5v8-c28h-f8r8",
"modified": "2026-04-14T20:04:19Z",
"published": "2026-04-12T03:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6111"
},
{
"type": "WEB",
"url": "https://github.com/FoundationAgents/MetaGPT/issues/1934"
},
{
"type": "WEB",
"url": "https://github.com/FoundationAgents/MetaGPT/pull/1941"
},
{
"type": "PACKAGE",
"url": "https://github.com/FoundationAgents/MetaGPT"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/791762"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/356971"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/356971/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "MetaGPT affected by server-side request forgery in metagpt/utils/common.py"
}
GHSA-R5VC-6528-FGF9
Vulnerability from github – Published: 2024-12-20 18:31 – Updated: 2024-12-20 18:31A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.
{
"affected": [],
"aliases": [
"CVE-2024-12840"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-20T16:15:23Z",
"severity": "MODERATE"
},
"details": "A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.",
"id": "GHSA-r5vc-6528-fgf9",
"modified": "2024-12-20T18:31:32Z",
"published": "2024-12-20T18:31:32Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-12840"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-12840"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333494"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R5VX-XXJW-M795
Vulnerability from github – Published: 2025-10-01 18:30 – Updated: 2025-10-01 18:30In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.
{
"affected": [],
"aliases": [
"CVE-2025-20371"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-10-01T17:15:40Z",
"severity": "HIGH"
},
"details": "In Splunk Enterprise versions below 10.0.1, 9.4.4, 9.3.6 and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.109, 9.3.2408.119 and 9.2.2406.122, an unauthenticated attacker could trigger a blind server-side request forgery (SSRF) potentially letting an attacker perform REST API calls on behalf of an authenticated high-privileged user.",
"id": "GHSA-r5vx-xxjw-m795",
"modified": "2025-10-01T18:30:39Z",
"published": "2025-10-01T18:30:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20371"
},
{
"type": "WEB",
"url": "https://advisory.splunk.com/advisories/SVD-2025-1006"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-R5X3-96CJ-22FQ
Vulnerability from github – Published: 2024-04-15 09:30 – Updated: 2026-04-28 21:34Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more – Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more – Wappointment: from n/a through 2.6.0.
{
"affected": [],
"aliases": [
"CVE-2024-32454"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-15T07:15:11Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in Wappointment Appointment Bookings for Zoom GoogleMeet and more \u2013 Wappointment.This issue affects Appointment Bookings for Zoom GoogleMeet and more \u2013 Wappointment: from n/a through 2.6.0.",
"id": "GHSA-r5x3-96cj-22fq",
"modified": "2026-04-28T21:34:39Z",
"published": "2024-04-15T09:30:54Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32454"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/vulnerability/wappointment/wordpress-wappointment-plugin-2-6-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R626-8PV5-VWQ9
Vulnerability from github – Published: 2022-10-14 12:00 – Updated: 2022-10-17 19:00The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.
{
"affected": [],
"aliases": [
"CVE-2022-36802"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-10-14T04:15:00Z",
"severity": "MODERATE"
},
"details": "The ManageJiraConnectors API in Atlassian Jira Align before version 10.109.2 allows remote attackers to exploit this issue to access internal network resources via a Server-Side Request Forgery. This can be exploited by a remote, unauthenticated attacker with Super Admin privileges by sending a specially crafted HTTP request.",
"id": "GHSA-r626-8pv5-vwq9",
"modified": "2022-10-17T19:00:29Z",
"published": "2022-10-14T12:00:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36802"
},
{
"type": "WEB",
"url": "https://jira.atlassian.com/browse/JIRAALIGN-4326"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-R62F-J7FR-MVVX
Vulnerability from github – Published: 2022-05-24 17:40 – Updated: 2022-05-24 17:40A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header 'HOST' value to cause the server to send the request.
{
"affected": [],
"aliases": [
"CVE-2020-23776"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-26T22:15:00Z",
"severity": "HIGH"
},
"details": "A SSRF vulnerability exists in Winmail 6.5 in app.php in the key parameter when HTTPS is on. An attacker can use this vulnerability to cause the server to send a request to a specific URL. An attacker can modify the request header \u0027HOST\u0027 value to cause the server to send the request.",
"id": "GHSA-r62f-j7fr-mvvx",
"modified": "2022-05-24T17:40:07Z",
"published": "2022-05-24T17:40:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-23776"
},
{
"type": "WEB",
"url": "https://github.com/zhonghaozhao/winmail/issues/3"
}
],
"schema_version": "1.4.0",
"severity": []
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.