Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2022-0939 Server-Side Request Forgery (SSRF) in janeczku/calibre-web — janeczku/calibre-web 9.4 -2022-04-04
CVE-2022-1191 SSRF on index.php/cobrowse/proxycss/ in livehelperchat/livehelperchat — livehelperchat/livehelperchat 6.5 -2022-03-31
CVE-2022-24789 Deserialization of untrusted data in C1 CMS. — C1-CMS-Foundation 7.6 High2022-03-28
CVE-2022-0591 Formcraft3 < 3.8.28 - Unauthenticated SSRF — FormCraft 9.1 -2022-03-21
CVE-2022-0870 Server-Side Request Forgery (SSRF) in gogs/gogs — gogs/gogs 8.2 -2022-03-11
CVE-2022-0766 Server-Side Request Forgery (SSRF) in janeczku/calibre-web — janeczku/calibre-web 9.4 -2022-03-07
CVE-2022-0767 Server-Side Request Forgery (SSRF) in janeczku/calibre-web — janeczku/calibre-web 9.4 -2022-03-07
CVE-2022-0528 Server-Side Request Forgery (SSRF) in transloadit/uppy — transloadit/uppy 6.5 Medium2022-03-03
CVE-2022-0768 Server-Side Request Forgery (SSRF) in rudloff/alltube — rudloff/alltube 7.5 -2022-02-28
CVE-2022-0671 Red Hat Vscode-Xml 代码问题漏洞 — vscode-xml 9.1 -2022-02-18
CVE-2022-21215 Airspan Networks Mimosa Server-Side Request Forgery (SSRF) — MMP 10.0 Critical2022-02-18
CVE-2022-23644 Server-side request forgery in BookWyrm — bookwyrm 8.8 High2022-02-16
CVE-2021-25939 ArangoDB - Blind SSRF when Downloading Foxx Service from URL — arangodb 2.7 Low2022-02-09
CVE-2022-0508 Server-Side Request Forgery (SSRF) in chocobozzz/peertube — chocobozzz/peertube 5.3 -2022-02-08
CVE-2022-23206 Server-Side Request Forgery in Traffic Ops endpoint POST /user/login/oauth — Apache Traffic Control 7.5 -2022-02-06
CVE-2022-0339 Server-Side Request Forgery (SSRF) in janeczku/calibre-web — janeczku/calibre-web 9.1 -2022-01-30
CVE-2022-22993 Limited Server-Side Request Forgery vulnerability on Western Digital My Cloud devices. — My Cloud 7.8 High2022-01-28
CVE-2022-21697 SSRF vulnerability (requires authentication) — jupyter-server-proxy 6.3 Medium2022-01-25
CVE-2021-36349 Dell Emc Data Protection Central 代码问题漏洞 — Data Protection Central 4.3 Medium2022-01-24
CVE-2021-41809 SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, allows requests from server. — M-Files Server 3.5 Low2022-01-18
CVE-2022-0132 Server-Side Request Forgery (SSRF) in chocobozzz/peertube — chocobozzz/peertube 7.5 -2022-01-07
CVE-2021-27738 Improper Access Control to Streaming Coordinator & SSRF — Apache Kylin 7.5 -2022-01-06
CVE-2022-0086 Server-Side Request Forgery (SSRF) in transloadit/uppy — transloadit/uppy 9.8 -2022-01-04
CVE-2021-3959 Server-Side Request Forgery in Bitdefender GravityZone Update Server in Relay Mode (VA-10145) — GravityZone 6.8 Medium2021-12-16
CVE-2021-37940 GitHub Enterprise Server 代码问题漏洞 — Enterprisesearch 4.9 -2021-12-07
CVE-2021-4075 Server-Side Request Forgery (SSRF) in snipe/snipe-it — snipe/snipe-it 8.1 -2021-12-06
CVE-2021-36327 Dell EMC Streaming Data Platform 代码问题漏洞 — Dell EMC Streaming Data Platform 5.3 Medium2021-11-30
CVE-2021-3553 Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825) — Endpoint Security Tools 5.3 Medium2021-11-24
CVE-2021-3552 Insufficient validation on regular expression in EPPUpdateService config file (VA-9825) — Endpoint Security Tools 5.3 Medium2021-11-24
CVE-2021-43780 Server-Side Request Forgery (SSRF) in Redash — redash 6.8 Medium2021-11-23

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.