# SSRF in Next.js Server Actions

- ID: javascript-nextjs-server-action-ssrf
- Severity: HIGH
- CWE: Server-Side Request Forgery (CWE-918)
- Languages: JavaScript, TypeScript
- Frameworks: nextjs

## Description

Detects user-controlled input flowing into HTTP request URLs in Server Actions.

## Detection Message

Server Action '{function_name}' has SSRF vulnerability: user input controls HTTP request URL

## Remediation

Validate and sanitize URLs before making HTTP requests. Use allowlists. See remediation section for examples.

## Related Rules

- **Server-Side Request Forgery (SSRF)** [HIGH]
- **Server-Side Request Forgery via HTTP Requests** [HIGH]
- **Server-Side Request Forgery (SSRF)** [HIGH]
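
One way to apply the remediation advice above (validate the URL, use an allowlist), shown beside the pattern the rule flags. This is an added example, not code from the rule's own documentation; `ALLOWED_HOSTS`, its host names, and the function names are assumptions.

```javascript
// Constructed allowlist: placeholder host names, replace with the hosts the app really calls.
const ALLOWED_HOSTS = new Set(['api.example.com', 'images.example.com']);

// Parse the user-supplied string and return a URL object only if every check passes.
function validateOutboundUrl(raw) {
  let url;
  try {
    url = new URL(String(raw)); // WHATWG parser, the same one fetch() uses
  } catch {
    throw new Error('invalid URL');
  }
  if (url.protocol !== 'https:') throw new Error('scheme not allowed');
  if (url.username || url.password) throw new Error('credentials not allowed');
  if (url.port !== '') throw new Error('port not allowed');
  // Exact match on the parsed hostname; no substring or suffix checks.
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new Error('host not allowed');
  return url;
}

// Flagged pattern: form input goes straight into the request URL.
// (The 'use server' directive is inline so the block also loads in plain Node;
// in an app the action would usually be exported from a 'use server' file.)
async function fetchPreviewUnsafe(formData) {
  'use server';
  const res = await fetch(formData.get('url'));
  return res.text();
}

// Hardened: validate first, and refuse redirects so an allowlisted host
// cannot bounce the request to a destination that was never checked.
async function fetchPreview(formData) {
  'use server';
  let url;
  try {
    url = validateOutboundUrl(formData.get('url'));
  } catch (err) {
    return { ok: false, error: err.message };
  }
  const res = await fetch(url, { redirect: 'error', signal: AbortSignal.timeout(5000) });
  return { ok: res.ok, body: await res.text() };
}
```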