Security Test: SSRF Injection in headers via Frontend

Description

Default Severity:

When a web application takes a URL supplied in a request header and fetches it without validation, it can be made to request resources the client could not reach directly: services on internal networks, sensitive APIs, or anything sitting behind a firewall. The flaw arises because developers sometimes assume that header values are trustworthy, or rely on network boundaries to protect internal systems instead of validating input. The risk is that an attacker who controls such a URL can read confidential data, map internal services, or use the server as a pivot for further attacks. Validating and restricting outbound destinations, rather than relying solely on network segmentation, prevents this class of issue.
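An added example, not the project's own code, showing the vulnerable pattern beside a hardened one: the header name `X-Callback-Url` and the allowlisted hosts are assumptions, and the validator works on the URL string alone so it runs offline.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist of the only destinations this app is meant to call.
ALLOWED_HOSTS = {"api.example.com", "hooks.example.com"}
HEADER = "X-Callback-Url"  # hypothetical header carrying the URL


def unsafe_target(headers):
    """Vulnerable pattern: the header value becomes the fetch target unchanged,
    so loopback, private ranges and cloud metadata addresses are all reachable."""
    return headers.get(HEADER)


def literal_ip_is_internal(host):
    """True when host is an IP literal in a loopback/private/link-local/reserved range."""
    try:
        return not ipaddress.ip_address(host).is_global
    except ValueError:
        return False  # not an IP literal; hostnames are handled by the allowlist


def validate_outbound_url(raw):
    """Return a normalized URL if it passes every check, otherwise None."""
    if not raw:
        return None
    parts = urlsplit(raw)
    if parts.scheme != "https":
        return None  # blocks file:, gopher:, and plain http: to internal hosts
    if parts.username is not None or parts.password is not None:
        return None  # rejects https://api.example.com@evil.example/ style tricks
    try:
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    host = (parts.hostname or "").rstrip(".").lower()
    if literal_ip_is_internal(host) or host not in ALLOWED_HOSTS:
        return None
    if port not in (None, 443):
        return None  # no unexpected ports even on an allowed host
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


def safe_target(headers):
    """Hardened pattern: only an allowlisted, normalized destination is returned."""
    return validate_outbound_url(headers.get(HEADER, ""))
```

The allowlist is matched on the hostname only; the request layer should additionally resolve that name and pin the resolved address for the actual connection, which guards against DNS rebinding and is not shown here.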

Configuration

Identifier: frontend_request_forgery/ssrf_header

Examples

All configuration available:

checks:
  frontend_request_forgery/ssrf_header:
    skip: false # default

Compliance and Standards

Standard            Value
OWASP API Top 10    API10:2023
OWASP LLM Top 10    LLM06:2023
PCI DSS             6.5.1
GDPR                Article-32
SOC2                CC1
PSD2                Article-95
ISO 27001           A.14.2
NIST                SP800-53
FedRAMP             AC-4
CWE                 918
CVSS Vector         CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVSS Score          7.3