Server Side Request Forgery (SSRF)

| Risk Factor | 4/5 |
|---|---|
| Exploitability | 4/5 |
| Prevalence | 5/5 |
| Impact | 3/5 |
| Detectability | 4/5 |

SSRF: a vulnerability that allows an attacker to send requests on behalf of the server. It allows the attacker to “forge” the request signature of the vulnerable server, thereby assuming a privileged position on a network, bypassing firewall controls, and gaining access to internal services.

Mitigation
URL input must be validated