24 matches found
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from the cross-site protection of the internal WebSocket endpoint in development mode, which might treat Origin: null as an mechanism. This could...
Next.js 安全漏洞
Next.js is a React framework open source by Vercel. Versions of Next.js from 16.0.1 to 16.1.7 had a security vulnerability. This vulnerability stemmed from treating origin: null as an absent source during server-side CSRF validation, which could lead to bypassing source verification and triggerin...
PT-2026-25909
Name of the Vulnerable Software and Affected Versions Next.js versions 16.0.1 through 16.1.7 Description Next.js, a React framework for building full-stack web applications, had a flaw in its Server Action CSRF validation. Specifically, origin: null was incorrectly treated as a missing origin,...
Origin Null Vulnerability
rack-cors is vulnerable to an origin null vulnerability. When an iframe contains html code for its source instead of a URL, a website using rack-cors and allowing file:// does not prevent browsers to send null origins...