
CWE-918: Server-Side Request Forgery (SSRF)

Base | Incomplete
🏆 #14 in CWE Top 25 2024 (↑5)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Technical Details

Structure
Simple

Applicable To

Languages
Not Language-Specific
Platforms

🏆 CWE Top 25 Historical Ranking

2023: #19
Score: 4.56
287 CVEs

2024: #14 (↑5)
Score: 13.74
306 CVEs

Trend: Worsening (moved down 5 ranks)