Get Started
- CodeAnt AI
- Control Center
- Pull Request Review
- IDE
- Compliance
- Anti-Patterns
- Code Governance
- Infrastructure Security Database
- Application Security Database
- Apex
- Bash
- C
- Clojure
- Cpp
- Csharp
- Dockerfile
- Elixir
- Fingerprints
- Generic
- Go
- Html
- Java
- Javascript
- Json
- Kotlin
- Ocaml
- Php
- Doctrine
- Lang
- Laravel
- Security
- Security
- Laravel-code-injection
- Laravel-column-sql-injection
- Laravel-command-injection
- Laravel-cookie-not-encrypted
- Laravel-csrf-not-verified
- Laravel-direct-response-write
- Laravel-http-client-ssrf
- Laravel-mail-command-injection
- Laravel-native-sql-injection
- Laravel-path-traversal-storage
- Laravel-path-traversal
- Laravel-raw-sql-injection
- Laravel-unsafe-entity-loader
- Laravel-xml-unsafe-parser-flags
- Search-laravel-form-csrf
- Secrets
- Symfony
- Wordpress-plugins
- Problem-based-packs
- Python
- Ruby
- Rust
- Scala
- Solidity
- Swift
- Terraform
- Typescript
- Yaml
Laravel http client ssrf
Untrusted input might be used to build an HTTP request, which can lead to a Server-side request forgery (SSRF) vulnerability. SSRF allows an attacker to send crafted requests from the server side to other internal or external systems. SSRF can lead to unauthorized access to sensitive data and, in some cases, allow the attacker to control applications or systems that trust the vulnerable service. To prevent this vulnerability, avoid allowing user input to craft the base request. Instead, treat it as part of the path or query parameter and encode it appropriately. When user input is necessary to prepare the HTTP request, perform strict input validation. Additionally, whenever possible, use allowlists to only interact with expected, trusted domains.
Likelihood: LOW
Confidence: HIGH
CWE:
- CWE-918: Server-Side Request Forgery (SSRF)
OWASP:
- A10:2021 - Server-Side Request Forgery (SSRF)