Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,681)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-45119 1Adobe 3Commerce Commerce B2bMagento Dec 12, 2024 Oct 10, 2024 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authentic...Show more Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.Show less
CVE-2024-47008 1Ivanti 1Avalanche Oct 16, 2024 Oct 8, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.
CVE-2024-45291 1Phpoffice 1Phpspreadsheet Oct 16, 2024 Oct 7, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HT...Show more PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file that links images from arbitrary paths. When embedding images has been enabled in HTML writer with `$writer->setEmbedImages(true);` those files will be included in the output as `data:` URLs, regardless of the file's type. Also URLs can be used for embedding, resulting in a Server-Side Request Forgery vulnerability. When embedding images has been enabled, an attacker can read arbitrary files on the server and perform arbitrary HTTP GET requests. Note that any PHP protocol wrappers can be used, meaning that if for example the `expect://` wrapper is enabled, also remote code execution is possible. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. there are no known workarounds for this vulnerability.Show less
CVE-2024-45290 1Phpoffice 1Phpspreadsheet Oct 16, 2024 Oct 7, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet ret...Show more PHPSpreadsheet is a pure PHP library for reading and writing spreadsheet files. It's possible for an attacker to construct an XLSX file which links media from external URLs. When opening the XLSX file, PhpSpreadsheet retrieves the image size and type by reading the file contents, if the provided path is a URL. By using specially crafted `php://filter` URLs an attacker can leak the contents of any file or URL. Note that this vulnerability is different from GHSA-w9xv-qf98-ccq4, and resides in a different component. An attacker can access any file on the server, or leak information form arbitrary URLs, potentially exposing sensitive information such as AWS IAM credentials. This issue has been addressed in release versions 1.29.2, 2.1.1, and 2.3.0. All users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2024-9410 1Ada 1Ada Nov 22, 2024 Oct 4, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Ada.cx's Sentry configuration allowed for blind server-side request forgeries (SSRF) through the use of a data scraping endpoint.
CVE-2024-45843 1Mattermost 1Mattermost Server Sep 26, 2024 Sep 26, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or...Show more Mattermost versions 9.5.x <= 9.5.8 fail to include the metadata endpoints of Oracle Cloud and Alibaba in the SSRF denylist, which allows an attacker to possibly cause an SSRF if Mattermost was deployed in Oracle Cloud or Alibaba.Show less
CVE-2024-47222 1Myoffice 1My Office Sdk Mar 18, 2025 Sep 23, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 New Cloud MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8 allows SSRF via manipulation of requests from external document storage via the MS-WOPI protocol.
CVE-2024-40441 - - Sep 26, 2024 Sep 23, 2024 N/A· v4 6.6 MEDIUM· v3 N/A· v2 An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate pri...Show more An issue in Doccano Open source annotation tools for machine learning practitioners v.1.8.4 and Doccano Auto Labeling Pipeline module to annotate a document automatically v.0.1.23 allows a remote attacker to escalate privileges via the model_attribs parameter.Show less
CVE-2024-47066 1Lobehub 1Lobe Chat Sep 30, 2024 Sep 23, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be byp...Show more Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Version 1.19.13 contains an improved fix for the issue.Show less
CVE-2024-43989 - - Apr 23, 2026 Sep 23, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Firsh Justified Image Grid justified-image-grid.This issue affects Justified Image Grid: from n/a through <= 4.6.1.
CVE-2024-46990 1Monospace 1Directus Nov 17, 2025 Sep 18, 2024 N/A· v4 5.0 MEDIUM· v3 N/A· v2 Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loop...Show more Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using other registered loopback devices (like `127.0.0.2` - `127.127.127.127`). This issue has been addressed in release versions 10.13.3 and 11.1.0. Users are advised to upgrade. Users unable to upgrade may block this bypass by manually adding the `127.0.0.0/8` CIDR range which will block access to any `127.X.X.X` ip instead of just `127.0.0.1`.Show less
CVE-2022-25777 1Acquia 1Mautic Feb 27, 2025 Sep 18, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Prior to the patched version, an authenticated user of Mautic could read system files and access the internal addresses of the application due to a Server-Side Request Forgery (SSRF) vulnerability.
CVE-2024-38183 1Microsoft 1Groupme Dec 31, 2024 Sep 17, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network.
CVE-2024-47049 1Czim 1File Handling Mar 18, 2025 Sep 17, 2024 N/A· v4 8.2 HIGH· v3 N/A· v2 The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of...Show more The czim/file-handling package before 1.5.0 and 2.x before 2.3.0 (used with PHP Composer) does not properly validate URLs within makeFromUrl and makeFromAny, leading to SSRF, and to directory traversal for the reading of local files.Show less
CVE-2024-6587 1Litellm 1Litellm Sep 20, 2024 Sep 13, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing...Show more A Server-Side Request Forgery (SSRF) vulnerability exists in berriai/litellm version 1.38.10. This vulnerability allows users to specify the `api_base` parameter when making requests to `POST /chat/completions`, causing the application to send the request to the domain specified by `api_base`. This request includes the OpenAI API key. A malicious user can set the `api_base` to their own domain and intercept the OpenAI API key, leading to unauthorized access and potential misuse of the API key.Show less
CVE-2024-8635 1Gitlab 1Gitlab Nov 21, 2024 Sep 12, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to...Show more A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resources using a custom Maven Dependency Proxy URLShow less
CVE-2021-38132 1Microfocus 1Edirectory Sep 18, 2024 Sep 12, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Possible External Service Interaction attack in eDirectory has been discovered in OpenText™ eDirectory. This impact all version before 9.2.6.0000.
CVE-2024-44677 1Eladmin 1Eladmin Mar 31, 2025 Sep 10, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component.
CVE-2023-37230 1Loftware 1Spectrum Jul 10, 2025 Sep 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.
CVE-2023-37229 1Loftware 1Spectrum Jul 3, 2025 Sep 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Loftware Spectrum before 5.1 allows SSRF.

Previous 1...707172...135 Next