Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,678)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-4882 1Ibm 1Planning Analytics Nov 21, 2024 Mar 22, 2021 N/A· v4 6.1 MEDIUM· v3 5.8 MEDIUM· v2 IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network...Show more IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Request Forgery (SSRF) attack by constucting URLs from user-controlled data . This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 190852.Show less
CVE-2020-5014 1Ibm 1Datapower Gateway Nov 21, 2024 Mar 8, 2021 N/A· v4 6.7 MEDIUM· v3 4.6 MEDIUM· v2 IBM DataPower Gateway V10 and V2018 could allow a local attacker with administrative privileges to execute arbitrary code on the system using a server-side requesr forgery attack. IBM X-Force ID: 193247.
CVE-2021-26855 1Microsoft 1Exchange Server Dec 18, 2025 Mar 3, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Microsoft Exchange Server Remote Code Execution Vulnerability
CVE-2020-12529 1Mbconnectline 2Mbconnect24 Mymbconnect24 Nov 21, 2024 Mar 2, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT24 software in all versions through V2.6.2 There is a SSRF in the LDAP access check, allowing an attacker to scan for open ports.
CVE-2021-23345 1Thecodingmachine 1Gotenberg Nov 21, 2024 Feb 26, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system fil...Show more All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.Show less
CVE-2020-23534 1Masterlab 1Masterlab Nov 21, 2024 Feb 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 A server-side request forgery (SSRF) vulnerability in Upgrade.php of gopeak masterlab 2.1.5, via the 'source' parameter.
CVE-2021-27670 1Appspace 1Appspace Nov 21, 2024 Feb 25, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
CVE-2020-11988 2Apache Fedoraproject 2Fedora Xmlgraphics Commons Nov 21, 2024 Feb 24, 2021 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnera...Show more Apache XmlGraphics Commons 2.4 and earlier is vulnerable to server-side request forgery, caused by improper input validation by the XMPParser. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests. Users should upgrade to 2.6 or later.Show less
CVE-2020-11987 4Apache DebianFedoraproject+1 more 22Agile Engineering Data Management Banking ApisBanking Digital Experience+19 more Nov 3, 2025 Feb 24, 2021 N/A· v4 8.2 HIGH· v3 6.4 MEDIUM· v2 Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the...Show more Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.Show less
CVE-2021-21973 1Vmware 2Cloud Foundation Vcenter Server Oct 30, 2025 Feb 24, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this is...Show more The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server plugin. A malicious actor with network access to port 443 may exploit this issue by sending a POST request to vCenter Server plugin leading to information disclosure. This affects: VMware vCenter Server (7.x before 7.0 U1c, 6.7 before 6.7 U3l and 6.5 before 6.5 U3n) and VMware Cloud Foundation (4.x before 4.2 and 3.x before 3.10.1.2).Show less
CVE-2020-8902 1Google 1Rendertron Nov 21, 2024 Feb 23, 2021 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal site...Show more Rendertron versions prior to 3.0.0 are are susceptible to a Server-Side Request Forgery (SSRF) attack. An attacker can use a specially crafted webpage to force a rendertron headless chrome process to render internal sites it has access to, and display it as a screenshot. Suggested mitigations are to upgrade your rendertron to version 3.0.0, or, if you cannot update, to secure the infrastructure to limit the headless chrome's access to your internal domain.Show less
CVE-2020-36232 1Atlassian 1Atlassian Gadgets Nov 21, 2024 Feb 22, 2021 N/A· v4 5.0 MEDIUM· v3 4.0 MEDIUM· v2 The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 al...Show more The MessageBundleWhiteList class of atlassian-gadgets before version 4.2.37, from version 4.3.0 before 4.3.14, from version 4.3.2.0 before 4.3.2.4, from version 4.4.0 before 4.4.12, and from version 5.0.0 before 5.0.1 allowed unexpected DNS lookups and requests to arbitrary services as it incorrectly obtained application base url information from the executing http request which could be attacker controlled.Show less
CVE-2021-27214 1Zohocorp 1Manageengine Adselfservice Plus Nov 21, 2024 Feb 19, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cr...Show more A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905.Show less
CVE-2021-3204 1Webware 1Webdesktop Nov 21, 2024 Feb 19, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 SSRF in the document conversion component of Webware Webdesktop 5.1.15 allows an attacker to read all files from the server.
CVE-2020-10252 1Owncloud 1Owncloud Nov 21, 2024 Feb 19, 2021 N/A· v4 8.3 HIGH· v3 6.5 MEDIUM· v2 An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or con...Show more An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharing/external remote parameter), an authenticated attacker can interact with local services blindly (aka Blind SSRF) or conduct a Denial Of Service attack.Show less
CVE-2021-27329 1Frendi 1Frendica Nov 21, 2024 Feb 18, 2021 N/A· v4 10.0 CRITICAL· v3 10.0 HIGH· v2 Friendica 2021.01 allows SSRF via parse_url?binurl= for DNS lookups or HTTP requests to arbitrary domain names.
CVE-2020-28463 2Fedoraproject Reportlab 2Fedora Reportlab Nov 21, 2024 Feb 18, 2021 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Kar...Show more All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation) Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRFShow less
CVE-2021-27103 1Accellion 1Fta Nov 3, 2025 Feb 16, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Accellion FTA 9_12_411 and earlier is affected by SSRF via a crafted POST request to wmProgressstat.html. The fixed version is FTA_9_12_416 and later.
CVE-2020-35561 2Helmholz Mbconnectline 4Mbconnect24 Mymbconnect24Myrex24+1 more Nov 21, 2024 Feb 16, 2021 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan...Show more An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.Show less
CVE-2020-35558 2Helmholz Mbconnectline 4Mbconnect24 Mymbconnect24Myrex24+1 more Nov 21, 2024 Feb 16, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open port...Show more An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.Show less

Previous 1...115116117...134 Next