Vulnerabilities > Server-Side Request Forgery (SSRF)
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-21 | CVE-2021-23664 | Server-Side Request Forgery (SSRF) vulnerability in Isomorphic-Git Cors-Proxy. The package @isomorphic-git/cors-proxy before 2.7.1 is vulnerable to Server-Side Request Forgery (SSRF) due to missing sanitization and validation of the redirection action in middleware.js. | 7.5 |
2022-01-18 | CVE-2021-39927 | Server-Side Request Forgery (SSRF) vulnerability in Gitlab. Server-side request forgery protections in GitLab CE/EE versions between 8.4 and 14.4.4, between 14.5.0 and 14.5.2, and between 14.6.0 and 14.6.1 would fail to protect against attacks sending requests to localhost on port 80 or 443 if GitLab was configured to run on a port other than 80 or 443. | 4.3 |
2022-01-18 | CVE-2021-41809 | Server-Side Request Forgery (SSRF) vulnerability in M-Files Server. An SSRF vulnerability in M-Files Server products with versions before 22.1.11017.1, in a preview function, allowed making queries from the server with certain document types referencing external entities. | 4.3 |
2022-01-10 | CVE-2022-0132 | Server-Side Request Forgery (SSRF) vulnerability in Framasoft Peertube. PeerTube is vulnerable to Server-Side Request Forgery (SSRF). | 7.5 |
2022-01-10 | CVE-2022-22702 | Server-Side Request Forgery (SSRF) vulnerability in Partkeepr. PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part, do not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration. | 4.3 |
2022-01-06 | CVE-2021-27738 | Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. All request mappings in `StreamingCoordinatorController.java` handling `/kylin/api/streaming_coordinator/*` REST API endpoints did not include any security checks, which allowed an unauthenticated user to issue arbitrary requests, such as assigning/unassigning of streaming cubes, creation/modification and deletion of replica sets, to the Kylin Coordinator. | 7.5 |
2021-12-22 | CVE-2021-44659 | Server-Side Request Forgery (SSRF) vulnerability in Thoughtworks Gocd 21.3.0. Adding a new pipeline in GoCD server version 21.3.0 has a functionality that could be abused to do an unintended action in order to achieve a Server-Side Request Forgery (SSRF). | 9.8 |
2021-12-20 | CVE-2021-22056 | Server-Side Request Forgery (SSRF) vulnerability in VMWare products. VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 and Identity Manager 3.3.5, 3.3.4, and 3.3.3 contain an SSRF vulnerability. | 7.5 |
2021-12-17 | CVE-2021-22054 | Server-Side Request Forgery (SSRF) vulnerability in VMWare Workspace ONE UEM Console. VMware Workspace ONE UEM console 20.0.8 prior to 20.0.8.37, 20.11.0 prior to 20.11.0.40, 21.2.0 prior to 21.2.0.27, and 21.5.0 prior to 21.5.0.37 contain an SSRF vulnerability. | 7.5 |
2021-12-16 | CVE-2021-3959 | Server-Side Request Forgery (SSRF) vulnerability in Bitdefender Gravityzone 3.3.8.249. A Server-Side Request Forgery (SSRF) vulnerability in the EPPUpdateService component of Bitdefender Endpoint Security Tools allows an attacker to proxy requests to the relay server. | 7.5 |