Next.js < 14.1.1 Server Actions Server-Side Request Forgery
Next.js versions from 13.4 included before 14.1.1 suffer from a Server-Side Request Forgery SSRF when using Server Actions performing a redirection to a relative path starting with '/'. By leveraging this vulnerability, a remote and unauthenticated attacker can forge an arbitrary 'Host' header an...