CWE-918: Server-Side Request Forgery (SSRF)

BaseIncomplete🏆 #14 in Top 25 (2024)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

View on MITRE

306Related CVEs

13.74Severity Score

Back to CWE Lookup

Technical Details

Structure: Simple

Applicable To

Languages

Not Language-Specific

Platforms

🏆 CWE Top 25 Historical Ranking

2023:#19

Score: 4.56

287 CVEs

2024:#14↑5

Score: 13.74

306 CVEs

Trend:Worsening (moved down 5 ranks)

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-918

CWE Top 25 Most Dangerous

See how this weakness ranks against others

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references