Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,679)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-48307 1Nextcloud 1Mail Nov 21, 2024 Nov 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a...Show more Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. Starting in version 1.13.0 and prior to version 2.2.8 and 3.3.0, an attacker can use an unprotected endpoint in the Mail app to perform a SSRF attack. Nextcloud Mail app versions 2.2.8 and 3.3.0 contain a patch for this issue. As a workaround, disable the mail app.Show less
CVE-2023-48306 1Nextcloud 1Nextcloud Server Nov 21, 2024 Nov 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and pri...Show more Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Server and starting in version 22.0.0 and prior to versions 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 of Nextcloud Enterprise Server, the DNS pin middleware was vulnerable to DNS rebinding allowing an attacker to perform SSRF as a final result. Nextcloud Server 25.0.11, 26.0.6, and 27.1.0 and Nextcloud Enterprise Server 22.2.10.16, 23.0.12.11, 24.0.12.7, 25.0.11, 26.0.6, and 27.1.0 contain patches for this issue. No known workarounds are available.Show less
CVE-2023-6199 1Bookstackapp 1Bookstack May 19, 2025 Nov 20, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Book Stack version 23.10.2 allows filtering local files on the server. This is possible because the application is vulnerable to SSRF.
CVE-2023-48240 1Xwiki 1Xwiki Nov 21, 2024 Nov 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded i...Show more XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image's source) and viewing protected content as once a resource is cached, it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image's domain is the same the requested domain. The cache has been changed to be specific for each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-<version>.jar` in `WEB-INF/lib/`.Show less
CVE-2023-48204 1Publiccms 1Publiccms Nov 21, 2024 Nov 16, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 An issue in PublicCMS v.4.0.202302.e allows a remote attacker to obtain sensitive information via the appToken and Parameters parameter of the api/method/getHtml component.
CVE-2023-6124 1Salesagility 1Suitecrm Nov 21, 2024 Nov 14, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) in GitHub repository salesagility/suitecrm prior to 7.14.2, 8.4.2, 7.12.14.
CVE-2023-46207 1Stylemixthemes 1Motors Car Dealer, Classifieds & Listing Apr 28, 2026 Nov 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in StylemixThemes Motors – Car Dealer, Classifieds & Listing.This issue affects Motors – Car Dealer, Classifieds & Listing: from n/a through 1.4.6.
CVE-2023-41239 1Blubrry 1Powerpress Apr 28, 2026 Nov 13, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Blubrry PowerPress Podcasting plugin by Blubrry.This issue affects PowerPress Podcasting plugin by Blubrry: from n/a through 11.0.6.
CVE-2023-38515 1Church Admin Project 1Church Admin Apr 28, 2026 Nov 13, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 3.7.56.
CVE-2023-37978 1Riverside 1Http Headers Apr 28, 2026 Nov 13, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Dimitar Ivanov HTTP Headers.This issue affects HTTP Headers: from n/a through 1.18.11.
CVE-2023-34013 1Ays Pro 1Poll Maker Apr 28, 2026 Nov 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Poll Maker Team Poll Maker – Best WordPress Poll Plugin.This issue affects Poll Maker – Best WordPress Poll Plugin: from n/a through 4.6.2.
CVE-2023-31219 1Wpchill 1Download Monitor Apr 28, 2026 Nov 13, 2023 N/A· v4 4.9 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in WPChill Download Monitor.This issue affects Download Monitor: from n/a through 4.8.1.
CVE-2023-23800 1Getshortcodes 1Shortcodes Ultimate Apr 28, 2026 Nov 13, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in Vova Anokhin WP Shortcodes Plugin — Shortcodes Ultimate.This issue affects WP Shortcodes Plugin — Shortcodes Ultimate: from n/a through 5.12.6.
CVE-2023-23684 1Wpengine 1Wpgraphql Apr 28, 2026 Nov 13, 2023 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5.
CVE-2022-45835 1Phonepe 1Phonepe Apr 28, 2026 Nov 13, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Server-Side Request Forgery (SSRF) vulnerability in PhonePe PhonePe Payment Solutions.This issue affects PhonePe Payment Solutions: from n/a through 1.0.15.
CVE-2023-47121 1Discourse 1Discourse Nov 21, 2024 Nov 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to serv...Show more Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the `stable` branch and version 3.2.0.beta3 of the `beta` and `tests-passed` branches. As a workaround, disable the Embedding feature.Show less
CVE-2023-46729 1Sentry 1Sentry Software Development Kit Nov 21, 2024 Nov 10, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affe...Show more sentry-javascript provides Sentry SDKs for JavaScript. An unsanitized input of Next.js SDK tunnel endpoint allows sending HTTP requests to arbitrary URLs and reflecting the response back to the user. This issue only affects users who have Next.js SDK tunneling feature enabled. The problem has been fixed in version 7.77.0.Show less
CVE-2023-42361 1Midori Global 1Better Pdf Exporter Nov 21, 2024 Nov 7, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image...Show more Local File Inclusion vulnerability in Midori-global Better PDF Exporter for Jira Server and Jira Data Center v.10.3.0 and before allows an attacker to view arbitrary files and cause other impacts via use of crafted image during PDF export.Show less
CVE-2023-46730 1Group Office 1Group Office Nov 21, 2024 Nov 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs...Show more Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests to untrusted domains. Note that protocols like file:// can also be used to access the server disk. The request result (on success) can then be retrieved using /api/download.php. This issue has been addressed in versions 6.8.15, 6.7.54, and 6.6.177. Users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2022-3172 1Kubernetes 1Apiserver Feb 13, 2025 Nov 3, 2023 N/A· v4 8.2 HIGH· v3 N/A· v2 A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the clie...Show more A security issue was discovered in kube-apiserver that allows an aggregated API server to redirect client traffic to any URL. This could lead to the client performing unexpected actions as well as forwarding the client's API server credentials to third parties.Show less

Previous 1...878889...134 Next