Next.js SSRF vulnerability in Server Actions fixed in version 14.1.
Title | Published | Views | Family |
---|---|---|---|
GHSA-FR5H-RQP8-MJ6G Next.js Server-Side Request Forgery in Server Actions | 9 May 2024 21:18 | – | osv |
CGA-WPM2-67F8-C286 | 20 Aug 2024 04:19 | – | osv |
CVE-2024-34351 | 14 May 2024 15:38 | – | osv |
CVE-2024-34351 vulnerabilities | 14 May 2024 15:38 | – | wolfi |
CVE-2024-34351 Next.js Server-Side Request Forgery in Server Actions | 9 May 2024 16:14 | – | cvelist |
Exploit for CVE-2024-34351 | 13 May 2024 09:51 | – | githubexploit |
Exploit for CVE-2024-34351 | 27 Aug 2024 15:10 | – | githubexploit |
Exploit for CVE-2024-34351 | 12 May 2024 10:49 | – | githubexploit |
Next.js - Server Side Request Forgery (SSRF) | 15 Jul 2024 08:52 | – | nuclei |
CVE-2024-34351 vulnerabilities | 14 May 2024 15:38 | – | cgr |
```json
[
  {
    "vendor": "vercel",
    "product": "next.js",
    "versions": [
      {
        "version": ">= 13.4.0, < 14.1.1",
        "status": "affected"
      }
    ]
  }
]
```
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
Host | header | / | An attacker can control the Host header to redirect requests from the Next.js server to an attacker-controlled server. | CWE-918 |
Origin | header | / | An attacker can control the Origin header to redirect requests from the Next.js server to an attacker-controlled server. | CWE-918 |
SSRF | header | / | An attacker can set a custom SSRF header to specify the target for the SSRF attack. | CWE-918 |