https://github.com/SCA-Fix/sftpgo/blob/c71032123e54702ad2744464117df71e7691df9b//examples/OTP/authy/checkpwd/main.go#L102-L112
Filename: main.go
Line: 107
CWE: 918 (Server-Side Request Forgery (SSRF))
SSRF attacks work when an attacker can supply a URL that the server then uses to reach other upstream resources. This happens when the destination of a resource URL is not validated against the destination the application expects. An attacker can craft such a URL to reach sensitive internal targets, for example the AWS instance metadata endpoint, database services, and other internal web-enabled services that are not exposed to the Internet. As a mitigation, maintain an allowlist of permitted hosts and protocols and validate every outbound request against it before the request is made; also check the address the host resolves to, since a hostname can point at an internal address. Wherever possible, do not pass URLs that come directly from users to these APIs at all: keep the base URL in server-side configuration and append only validated path components.
References: CWE 918, SSRF Attacks
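The following Go program is an added example of the mitigation described above, written for this page; it is not code from sftpgo or from the flagged file. It assumes, as an illustration only, that the one legitimate outbound destination is `api.authy.com` on port 443 (the host is inferred from the example's directory name and is not taken from the flagged code). It shows an allowlist check on the full URL (scheme, userinfo, host and port), a resolved-address check that blocks loopback, link-local (including cloud metadata addresses) and private ranges, and an `http.Client` whose dialer connects only to the IP it just vetted, so that the check and the connection cannot disagree:

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"time"
)

// Constructed allowlist for this example: "host:port" pairs this program may
// contact over HTTPS. A real deployment would load it from configuration,
// never from a request parameter.
var allowedDestinations = map[string]bool{
	"api.authy.com:443": true, // assumed destination, not taken from sftpgo
}

// ErrNotAllowed is returned for any destination outside the allowlist.
var ErrNotAllowed = errors.New("outbound destination not allowed")

// validateOutboundURL parses raw and accepts it only if the scheme is https,
// there is no embedded userinfo (https://allowed@evil is a classic bypass),
// and host:port (port defaulting to 443) is on the allowlist. The parsed URL
// is returned so callers use the validated value, not the raw string.
func validateOutboundURL(raw string) (*url.URL, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "https" {
		return nil, fmt.Errorf("%w: scheme %q", ErrNotAllowed, u.Scheme)
	}
	if u.User != nil {
		return nil, fmt.Errorf("%w: userinfo in URL", ErrNotAllowed)
	}
	port := u.Port()
	if port == "" {
		port = "443"
	}
	key := net.JoinHostPort(u.Hostname(), port)
	if !allowedDestinations[key] {
		return nil, fmt.Errorf("%w: %s", ErrNotAllowed, key)
	}
	return u, nil
}

// isDisallowedIP reports whether ip is loopback, link-local (which covers the
// 169.254.169.254 metadata address), private (RFC 1918 / IPv6 ULA),
// unspecified or multicast: none of these is a legitimate upstream API.
func isDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() ||
		ip.IsPrivate() || ip.IsUnspecified() || ip.IsMulticast()
}

// newRestrictedClient returns an http.Client whose dialer resolves the host
// itself, rejects any resolved address in a disallowed range, and then dials
// the vetted IP directly. TLS verification still uses the original hostname
// because http.Transport wraps the returned connection with that server name.
// Redirects are re-validated against the allowlist as well.
func newRestrictedClient() *http.Client {
	dialer := &net.Dialer{Timeout: 10 * time.Second}
	transport := &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
			if err != nil {
				return nil, err
			}
			for _, ip := range ips {
				if isDisallowedIP(ip.IP) {
					return nil, fmt.Errorf("%w: %s resolves to %s", ErrNotAllowed, host, ip.IP)
				}
			}
			return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
		},
	}
	return &http.Client{
		Transport: transport,
		Timeout:   15 * time.Second,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			_, err := validateOutboundURL(req.URL.String())
			return err
		},
	}
}

func main() {
	// Constructed inputs: one legitimate URL and two typical SSRF payloads.
	for _, raw := range []string{
		"https://api.authy.com/verify",
		"https://169.254.169.254/latest/meta-data/",
		"https://api.authy.com@attacker.example/",
	} {
		if _, err := validateOutboundURL(raw); err != nil {
			fmt.Println("rejected:", raw, "->", err)
		} else {
			fmt.Println("allowed: ", raw)
		}
	}
	_ = newRestrictedClient() // use this client for every call to the allowlisted API
}
```

Validate the URL, then hand the returned `*url.URL` to the restricted client; checking the string and then calling a plain `http.Post` with it reintroduces the gap, because the default client neither inspects resolved addresses nor re-checks redirect targets.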