=== What is the potential impact?

The impact of SSRF vulnerabilities can vary greatly depending on the context in
which the user input is used.

==== API Traversal

In a path traversal SSRF attack, the attacker can manipulate the path of the
server-side request to traverse through different endpoints of an API. This can
lead to several potential impacts:

===== Unauthorized access to API endpoints

By manipulating the path of the server-side request, an attacker can potentially
access API endpoints that are not intended to be publicly accessible. This could
include endpoints that provide access to sensitive data or functionality.
Unauthorized access to these endpoints could lead to data breaches or
unauthorized actions being performed on the server.

===== Manipulation of API responses

If an attacker can manipulate the path of a server-side request to traverse to
different API endpoints, they could potentially influence the responses that the
server sends back. This could lead to incorrect or misleading data being
returned, which could have a variety of impacts depending on the nature of the
application and the data involved.