CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4658 vulnerabilities reference this CWE, most recent first.
GHSA-576C-3J53-R9JJ
Vulnerability from github – Published: 2024-10-10 22:01 – Updated: 2025-01-21 17:53Impact
What kind of vulnerability is it? Who is impacted?
This vulnerability relates to Server-Side Request Forgery (SSRF) in the /queue/join endpoint. Gradio’s async_save_url_to_cache function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching.
Patches
Yes, please upgrade to gradio>=5 to address this issue.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
As a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the /queue/join endpoint can help mitigate the risk of SSRF attacks.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "gradio"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-47167"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2024-10-10T22:01:44Z",
"nvd_published_at": "2024-10-10T22:15:11Z",
"severity": "MODERATE"
},
"details": "### Impact \n**What kind of vulnerability is it? Who is impacted?**\n\nThis vulnerability relates to **Server-Side Request Forgery (SSRF)** in the `/queue/join` endpoint. Gradio\u2019s `async_save_url_to_cache` function allows attackers to force the Gradio server to send HTTP requests to user-controlled URLs. This could enable attackers to target internal servers or services within a local network and possibly exfiltrate data or cause unwanted internal requests. Additionally, the content from these URLs is stored locally, making it easier for attackers to upload potentially malicious files to the server. This impacts users deploying Gradio servers that use components like the Video component which involve URL fetching.\n\n### Patches \nYes, please upgrade to `gradio\u003e=5` to address this issue.\n\n### Workarounds \n**Is there a way for users to fix or remediate the vulnerability without upgrading?**\n\nAs a workaround, users can disable or heavily restrict URL-based inputs in their Gradio applications to trusted domains only. Additionally, implementing stricter URL validation (such as allowinglist-based validation) and ensuring that local or internal network addresses cannot be requested via the `/queue/join` endpoint can help mitigate the risk of SSRF attacks.",
"id": "GHSA-576c-3j53-r9jj",
"modified": "2025-01-21T17:53:33Z",
"published": "2024-10-10T22:01:44Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-576c-3j53-r9jj"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-47167"
},
{
"type": "PACKAGE",
"url": "https://github.com/gradio-app/gradio"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/gradio/PYSEC-2024-215.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Gradio vulnerable to SSRF in the path parameter of /queue/join"
}
GHSA-57PW-M5MJ-M29P
Vulnerability from github – Published: 2022-11-17 18:30 – Updated: 2022-11-21 18:30A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.
{
"affected": [],
"aliases": [
"CVE-2022-42894"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-11-17T17:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability has been identified in syngo Dynamics (All versions \u003c VA40G HF01). An unauthenticated Server-Side Request Forgery (SSRF) vulnerability was identified in one of the web services exposed on the syngo Dynamics application that could allow for the leaking of NTLM credentials as well as local service enumeration.",
"id": "GHSA-57pw-m5mj-m29p",
"modified": "2022-11-21T18:30:37Z",
"published": "2022-11-17T18:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42894"
},
{
"type": "WEB",
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-741697"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-57VG-JXJV-V848
Vulnerability from github – Published: 2022-05-24 19:01 – Updated: 2022-05-24 19:01An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
{
"affected": [],
"aliases": [
"CVE-2021-31828"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-06T19:15:00Z",
"severity": "HIGH"
},
"details": "An SSRF issue in Open Distro for Elasticsearch (ODFE) before 1.13.1.0 allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin\u0027s intended scope.",
"id": "GHSA-57vg-jxjv-v848",
"modified": "2022-05-24T19:01:26Z",
"published": "2022-05-24T19:01:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31828"
},
{
"type": "WEB",
"url": "https://github.com/opendistro-for-elasticsearch/alerting/pull/353"
},
{
"type": "WEB",
"url": "https://opendistro.github.io/for-elasticsearch-docs/version-history"
},
{
"type": "WEB",
"url": "https://rotem-bar.com/ssrf-in-open-distro-for-elasticsearch-cve-2021-31828"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-57W5-CGMJ-2FR4
Vulnerability from github – Published: 2025-09-09 18:31 – Updated: 2025-09-09 18:31A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server. Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.
{
"affected": [],
"aliases": [
"CVE-2025-9269"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-09-09T18:15:36Z",
"severity": "MODERATE"
},
"details": "A Server-Side Request Forgery (SSRF) vulnerability has been identified in the embedded web server in various Lexmark devices. This vulnerability can be leveraged by an attacker to force the device to send an arbitrary HTTP request to a third-party server.\u00a0Successful exploitation of this vulnerability can lead to internal network access / potential data disclosure from a device.",
"id": "GHSA-57w5-cgmj-2fr4",
"modified": "2025-09-09T18:31:25Z",
"published": "2025-09-09T18:31:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9269"
},
{
"type": "WEB",
"url": "https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-57WV-8V6F-4353
Vulnerability from github – Published: 2026-06-22 18:34 – Updated: 2026-06-22 18:34IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.
{
"affected": [],
"aliases": [
"CVE-2026-9006"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-06-22T16:16:43Z",
"severity": "HIGH"
},
"details": "IBM WebSphere Application Server 9.0, and 8.5 is vulnerable to server-side request forgery (SSRF) with the Ajax Proxy configured. This may allow an attacker to send unauthorized requests from the system, resulting in a security bypass or information disclosure.",
"id": "GHSA-57wv-8v6f-4353",
"modified": "2026-06-22T18:34:16Z",
"published": "2026-06-22T18:34:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9006"
},
{
"type": "WEB",
"url": "https://www.ibm.com/support/pages/node/7276600"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-582G-J67J-5Q79
Vulnerability from github – Published: 2026-04-06 06:30 – Updated: 2026-04-06 06:30A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
{
"affected": [],
"aliases": [
"CVE-2026-5618"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-06T04:16:14Z",
"severity": "MODERATE"
},
"details": "A vulnerability was detected in kalcaddle kodbox up to 1.64. This affects an unknown function of the component shareMake/shareCheck. Performing a manipulation of the argument siteFrom/siteTo results in server-side request forgery. The attack is possible to be carried out remotely. The complexity of an attack is rather high. The exploitability is reported as difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.",
"id": "GHSA-582g-j67j-5q79",
"modified": "2026-04-06T06:30:29Z",
"published": "2026-04-06T06:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5618"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/785572"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/355408"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/355408/cti"
},
{
"type": "WEB",
"url": "https://vulnplus-note.wetolink.com/share/3VtzyzYgcS4b"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-5868-VCX5-GWMP
Vulnerability from github – Published: 2023-12-14 09:30 – Updated: 2024-10-08 18:33Unauthenticated LFI/SSRF in JCDashboards component for Joomla.
{
"affected": [],
"aliases": [
"CVE-2023-40630"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-12-14T09:15:41Z",
"severity": "CRITICAL"
},
"details": "Unauthenticated LFI/SSRF in JCDashboards component for Joomla.",
"id": "GHSA-5868-vcx5-gwmp",
"modified": "2024-10-08T18:33:05Z",
"published": "2023-12-14T09:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-40630"
},
{
"type": "WEB",
"url": "https://extensions.joomla.org/extension/jcdashboards"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-586R-QXPV-M44Q
Vulnerability from github – Published: 2024-10-11 21:31 – Updated: 2024-10-15 21:30A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress <= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.
{
"affected": [],
"aliases": [
"CVE-2024-46468"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-11T21:15:07Z",
"severity": "HIGH"
},
"details": "A Server-Side Request Forgery (SSRF) vulnerability exists in the jpress \u003c= v5.1.1, which can be exploited by an attacker to obtain sensitive information, resulting in an information disclosure.",
"id": "GHSA-586r-qxpv-m44q",
"modified": "2024-10-15T21:30:37Z",
"published": "2024-10-11T21:31:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-46468"
},
{
"type": "WEB",
"url": "https://github.com/JPressProjects/jpress/issues/190"
},
{
"type": "WEB",
"url": "https://gist.github.com/ilikeoyt/b396bbb9ef858105c46e999630e7afbe"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-587R-MC96-6F2P
Vulnerability from github – Published: 2026-05-11 14:45 – Updated: 2026-06-08 23:42Summary
The programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller's GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the GH_TOKEN used by GuardDog.
Description
ProjectScanner.scan_remote() takes a url, branch, and requirements_name, then constructs a raw GitHub URL by calling:
githubusercontent_url = url.replace("github", "raw.githubusercontent")
req_url = f"{githubusercontent_url}/{branch}/{requirements_name}"
resp = requests.get(url=req_url, auth=token)
Because this logic does not parse or validate the hostname, a crafted URL such as:
http://github@127.0.0.1:18081/owner/repo
is transformed into:
http://raw.githubusercontent@127.0.0.1:18081/owner/repo/main/requirements.txt
Requests interprets this as an HTTP request to 127.0.0.1:18081, and GuardDog includes the configured GitHub credentials via HTTP Basic Auth.
Reproduction summary
- Start an HTTP listener on
127.0.0.1:18081that logs the request path andAuthorizationheader. - Set
GIT_USERNAME=aliceandGH_TOKEN=supersecret. - Call
PypiRequirementsScanner().scan_remote("http://github@127.0.0.1:18081/owner/repo", "main", "requirements.txt"). - Observe a request to
/owner/repo/main/requirements.txtwithAuthorization: Basic YWxpY2U6c3VwZXJzZWNyZXQ=.
Key code paths
guarddog/scanners/scanner.py:361-365
Practical impact
This can expose repository-scanning infrastructure to:
- theft of the GitHub PAT configured in GH_TOKEN
- SSRF to internal or localhost services reachable by the scanner
- attacker-controlled dependency file content returned by the malicious endpoint
Prior public disclosure check
As of 2026-03-18, no matching public GitHub advisory, CVE, or public repo issue was found for this specific bug.
Suggested fix
Parse the input URL, require hostname == "github.com", validate the path shape (owner/repo), build the raw URL from parsed components instead of string replacement, and never send GitHub credentials to non-GitHub hosts.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "guarddog"
},
"ranges": [
{
"events": [
{
"introduced": "1.0.0"
},
{
"last_affected": "2.9.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-44971"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-05-11T14:45:08Z",
"nvd_published_at": "2026-05-27T15:16:29Z",
"severity": "HIGH"
},
"details": "# Summary\nThe programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replacement and then sends the caller\u0027s GitHub credentials with the resulting request. This allows an attacker who can influence the scanned repository URL to trigger SSRF and capture the `GH_TOKEN` used by GuardDog.\n\n# Description\n`ProjectScanner.scan_remote()` takes a `url`, `branch`, and `requirements_name`, then constructs a raw GitHub URL by calling:\n\n```python\ngithubusercontent_url = url.replace(\"github\", \"raw.githubusercontent\")\nreq_url = f\"{githubusercontent_url}/{branch}/{requirements_name}\"\nresp = requests.get(url=req_url, auth=token)\n```\n\nBecause this logic does not parse or validate the hostname, a crafted URL such as:\n\n```text\nhttp://github@127.0.0.1:18081/owner/repo\n```\n\nis transformed into:\n\n```text\nhttp://raw.githubusercontent@127.0.0.1:18081/owner/repo/main/requirements.txt\n```\n\nRequests interprets this as an HTTP request to `127.0.0.1:18081`, and GuardDog includes the configured GitHub credentials via HTTP Basic Auth.\n\n# Reproduction summary\n1. Start an HTTP listener on `127.0.0.1:18081` that logs the request path and `Authorization` header.\n2. Set `GIT_USERNAME=alice` and `GH_TOKEN=supersecret`.\n3. Call `PypiRequirementsScanner().scan_remote(\"http://github@127.0.0.1:18081/owner/repo\", \"main\", \"requirements.txt\")`.\n4. Observe a request to `/owner/repo/main/requirements.txt` with `Authorization: Basic YWxpY2U6c3VwZXJzZWNyZXQ=`.\n\n# Key code paths\n- `guarddog/scanners/scanner.py:361-365`\n\n# Practical impact\nThis can expose repository-scanning infrastructure to:\n- theft of the GitHub PAT configured in `GH_TOKEN`\n- SSRF to internal or localhost services reachable by the scanner\n- attacker-controlled dependency file content returned by the malicious endpoint\n\n# Prior public disclosure check\nAs of 2026-03-18, no matching public GitHub advisory, CVE, or public repo issue was found for this specific bug.\n\n# Suggested fix\nParse the input URL, require `hostname == \"github.com\"`, validate the path shape (`owner/repo`), build the raw URL from parsed components instead of string replacement, and never send GitHub credentials to non-GitHub hosts.",
"id": "GHSA-587r-mc96-6f2p",
"modified": "2026-06-08T23:42:22Z",
"published": "2026-05-11T14:45:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/DataDog/guarddog/security/advisories/GHSA-587r-mc96-6f2p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44971"
},
{
"type": "PACKAGE",
"url": "https://github.com/DataDog/guarddog"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration"
}
GHSA-5899-42J8-FXPR
Vulnerability from github – Published: 2026-02-14 09:31 – Updated: 2026-02-14 09:31The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the 'load_lyrics_ajax_callback' function. This makes it possible for authenticated attackers, with author level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
{
"affected": [],
"aliases": [
"CVE-2026-1249"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-02-14T09:16:11Z",
"severity": "MODERATE"
},
"details": "The MP3 Audio Player \u2013 Music Player, Podcast Player \u0026 Radio by Sonaar plugin for WordPress is vulnerable to Server-Side Request Forgery in versions 5.3 to 5.10 via the \u0027load_lyrics_ajax_callback\u0027 function. This makes it possible for authenticated attackers, with author level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.",
"id": "GHSA-5899-42j8-fxpr",
"modified": "2026-02-14T09:31:34Z",
"published": "2026-02-14T09:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1249"
},
{
"type": "WEB",
"url": "https://plugins.trac.wordpress.org/changeset/3453076/mp3-music-player-by-sonaar/trunk/sonaar-music.php"
},
{
"type": "WEB",
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/261aad1e-43fc-4927-a97d-85a001863023?source=cve"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.