OWASP A10:2021 Server-Side Request Forgery

Introduction to A10: Server-Side Request Forgery

Server-Side Request Forgery (SSRF) occurs when an application allows a user to supply a URL or destination for the server to fetch, without properly validating the input. Attackers exploit this to make the server send requests to internal services, cloud metadata endpoints, or other protected systems that would normally be inaccessible. This can lead to data exposure, port scanning, or even remote code execution in some cases. SSRF is especially dangerous in cloud environments.
