Upgrade zeep to version 4.3.3 or higher.
zeep is a Python SOAP client.
Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the process of parsing WSDL or XSD documents, where transitive references such as xsd:import, xsd:include, wsdl:import, and lxml entity/DTD resolution are followed. An attacker can cause the application to make outbound requests to arbitrary URLs by supplying or influencing the contents of a WSDL/XSD document, potentially accessing internal-only services or sensitive endpoints.
This vulnerability can be mitigated by avoiding the loading of untrusted WSDL/XSD documents, vendoring schemas locally and loading them from local files, restricting egress at the network layer to block outbound traffic to sensitive ranges, or using a restrictive custom Transport to allow-list URLs.
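The last mitigation, a restrictive custom Transport, can be implemented as below. This is an added example, not code from the advisory or from the zeep project; it assumes zeep's `Transport.load(url)` is the method through which WSDL and XSD documents (including transitive `xsd:import`, `xsd:include` and `wsdl:import` locations) are fetched, and the allow-listed host name is a constructed sample.

```python
import ipaddress
from urllib.parse import urlparse

# Constructed sample allow-list: hosts from which WSDL/XSD documents and
# their transitive imports may be fetched. Replace with endpoints you trust.
ALLOWED_HOSTS = {"soap.example.com"}


def check_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return url if it passes the egress policy, otherwise raise ValueError.

    Policy: https only, host must exactly match an allow-list entry, and
    bare IP literals are refused so an import location cannot point at
    loopback, link-local or private addresses directly.
    """
    parts = urlparse(url)
    if parts.scheme != "https":
        raise ValueError(f"blocked scheme {parts.scheme!r}: {url}")
    host = parts.hostname
    if not host:
        raise ValueError(f"no host in URL: {url}")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue with the host-name check
    else:
        raise ValueError(f"IP literal not allowed: {url}")
    if host.lower() not in allowed_hosts:
        raise ValueError(f"host {host!r} not in allow-list: {url}")
    return url


def is_allowed(url, allowed_hosts=ALLOWED_HOSTS):
    """Boolean form of check_url, convenient for logging and tests."""
    try:
        check_url(url, allowed_hosts)
        return True
    except ValueError:
        return False


try:
    from zeep.transports import Transport
except ImportError:  # zeep not installed: stand-in so the policy is still importable
    class Transport:
        def load(self, url):
            raise RuntimeError("zeep is not installed")


class AllowListTransport(Transport):
    """zeep Transport that refuses any document fetch failing check_url()."""

    def load(self, url):  # assumption: zeep routes WSDL/XSD loads through here
        return super().load(check_url(url))
```

Pass an instance as `Client(wsdl_url, transport=AllowListTransport())`; if you vendor schemas locally instead, extend `check_url` to accept only paths under your vendored directory, since the https-only rule above rejects file paths.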