Description
SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network ACL.
Owning organization
Validating JSON schema
Vulnerabilities (provided by MONARC)
Creator
License
Creative Commons Zero v1.0 Universal
Related objects
Definition of the object
{
    "authors": [
        "https://owasp.org/Top10/A10_2021-Server-Side_Request_Forgery_(SSRF)"
    ],
    "code": "A10:2021",
    "description": "SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL. It allows an attacker to coerce the application to send a crafted request to an unexpected destination, even when protected by a firewall, VPN, or another type of network ACL.",
    "label": "Server-Side Request Forgery (SSRF)",
    "language": "EN",
    "uuid": "428b0104-3d21-4d6d-872a-d728db617fdf"
}