Server-Side Request Forgery (SSRF)

Description

Server-Side Request Forgery occur when a web server executes a request to a user supplied destination parameter that is not validated. Such vulnerabilities could allow an attacker to access internal services or to launch attacks from your web server.

Examples

Insecure Code

scala

new URL(userInput).openConnection();

Secure Code

scala

new URL(validatedInput).openConnection();

Remediation

Validate user-supplied destination parameters to prevent Server-Side Request Forgery (SSRF) attacks.

Rule Details

Field	Value
ID	CODE-0068
Category	Web
Severity	HIGH
CWE	CWE-918
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	EASY
Tags	ssrf, server-side request forgery
OWASP	N/A

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Server-Side Request Forgery (SSRF)

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Server-Side Request Forgery (SSRF) ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Server-Side Request Forgery (SSRF)

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details