Oct 12, 2018 · Getting "Server-Side Request Forgery" issue in Fortify report while using spring restTemplate. I am making a call using restTemplate to some other REST service and passing this …

Hi @shahidsitecore (Community Member) , Veracode Static Analysis reports CWE 918 (Server-Side Request Forgery (SSRF)) when it detects that an HTTP Request that is sent out from the application …

Jul 23, 2019 · Server-Side Request Forgery (Input Validation and Representation, Data Flow) The function GetAsync () on line 122 initiates a network connection to a third-party system using user …

Hi @DPoblete626326 (Community Member) , I can see three dynamic parts in the variable `paramApi` containing the requested URL: 1. ResetPasswordServices.Sponsor 2. idClient.UserId 3. …

How To Fix Flaws CWE 918 Server-side Request Forgery +1 more Liked Like Answer Expand Post Expand Post

Sep 12, 2019 · Below is my implementation as Anti Server-Side Request Forgery (SSRF) (CWE ID 918) solutions. Sanitize your Host via this and additionally you have to set you valid Host Lists in …

CWE-918 (Server-Side Request Forgery - SSRF) is a vulnerability where an application allows an attacker to induce the server to make a request to an arbitrary URL. Brevard County Property …

Hi @ABattu219578 (Community Member) Untrusted input is used in the creation of a web-request which possibly allows an attacker to perform unauthorized requests to internal or external systems. An …

Hello @JJunior331643 (Community Member) , The recommendation for mitigating against SSRF flaws is to use strict validation on the untrusted data used to build the requested URL. Typically, Veracode …

Sep 17, 2023 · We have an issue in our solution (we are using .net core) and the SNYK vulnerabilities scaner show us that we have a Server-Side Request Forgery (SSRF) vulnerability in the next code at …