VulnerAlert



APPLICATION
10-09-2025 16:57

CVE-2024-34351 Documented vulnerability

No score
Tags
#web
#server
#react
#next.js
#form
#application
#vulnerability
#ssrf
#server-side request forgery
#fix
#attack
Description
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.
https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085
https://github.com/vercel/next.js/pull/62561
https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34351