5 matches found
Security Bulletin: IBM Rhapsody Systems Engineering is using next-14.2.12.tgz which is vulnerable to CVE-2024-51479
Summary A security vulnerability was identified in the Next.js package used in our product. We have resolved the issue by updating to a non-vulnerable patched version to ensure the continued security and reliability of our application. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next....
Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479
Summary IBM Maximo Application Suite - Monitor Component is vulnerable to next-12.3.4.tgz CVE-2024-51479. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-51479 DESCRIPTION: Next.js is a React framework for building full-stack web...
CVE-2024-51479
creationtimestamp| type| source ---|---|--- 2024-12-17 18:25:35+00:00| seen| https://infosec.exchange/users/cve/statuses/113669566323116247 2024-12-17 20:57:59+00:00| seen| https://t.me/cvedetector/13124 2024-12-19 14:46:47+00:00| seen| https://bsky.app/profile/bolhasec.com/post/3ldo4gqssju2e...
CVE-2024-51479 Authorization bypass in Next.js
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For...
CVE-2024-51479
Next.js CVE-2024-51479: A pathname-based authorization check in middleware can bypass access control for root-level pages (e.g., /foo) while not affecting deeper paths (e.g., /foo/bar). Patch available in Next.js 14.2.15 and later; if hosted on Vercel, mitigation is automatic. IBM-related notices...