Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-07-28 | CVE-2020-13970 | Server-Side Request Forgery (SSRF) vulnerability in Shopware | Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery (SSRF) in its "Mediabrowser upload by URL" feature. | 8.8 |
| 2020-07-21 | CVE-2020-15879 | Server-Side Request Forgery (SSRF) vulnerability in Bitwarden Server 1.35.1 | Bitwarden Server 1.35.1 allows SSRF because it does not consider certain IPv6 addresses (ones beginning with fc, fd, fe, or ff, and the :: address) and certain IPv4 addresses (0.0.0.0/8, 127.0.0.0/8, and 169.254.0.0/16). | 7.5 |
| 2020-07-20 | CVE-2020-8205 | Server-Side Request Forgery (SSRF) vulnerability in Transloadit Uppy | The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. | 7.5 |
| 2020-07-15 | CVE-2020-13788 | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor | Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | 4.3 |
| 2020-07-14 | CVE-2020-6282 | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java | SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. | 5.8 |
| 2020-07-09 | CVE-2020-14170 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Bitbucket | Webhooks in Atlassian Bitbucket Server from version 5.4.0 before version 7.3.1 allow remote attackers to access the content of internal network resources via a Server-Side Request Forgery (SSRF) vulnerability. | 4.3 |
| 2020-07-01 | CVE-2020-14056 | Server-Side Request Forgery (SSRF) vulnerability in Monstaftp Monsta FTP | Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. | 9.8 |
| 2020-07-01 | CVE-2019-20408 | Server-Side Request Forgery (SSRF) vulnerability in Atlassian Jira | The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class. | 5.3 |
| 2020-06-24 | CVE-2020-13484 | Server-Side Request Forgery (SSRF) vulnerability in Bitrix24 20.0.0/20.0.975 | Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing `<meta name="og:image" content="` followed by an intranet URL. | 9.8 |
| 2020-06-19 | CVE-2019-20872 | Server-Side Request Forgery (SSRF) vulnerability in Mattermost Server | An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. | 5.5 |