Lucene search
+L

4 matches found

OSV
OSV
added 4 days ago2 views

MAL-2026-10407 Malicious code in awesome-terminal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 379d820ae94a1dd684c187fd2577558795440d8f8cd1fe3cd209c8eb5b303913 [email protected] ships a postinstall script scripts/install-check.cjs that resolves a bundle URL from a remote JSON config at...

6.5AI score
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/12/17 6:13 p.m.110 views

CVE-2024-51479 Authorization bypass in Next.js

Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For...

7.5CVSS6.9AI score0.03961EPSS
Exploits0References2
CVE
CVE
added 2024/12/17 6:13 p.m.426 views

CVE-2024-51479

Next.js CVE-2024-51479: A pathname-based authorization check in middleware can bypass access control for root-level pages (e.g., /foo) while not affecting deeper paths (e.g., /foo/bar). Patch available in Next.js 14.2.15 and later; if hosted on Vercel, mitigation is automatic. IBM-related notices...

7.5CVSS7.4AI score0.03961EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2024/12/17 3:9 p.m.48 views

Next.js authorization bypass vulnerability

Impact If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed. Patches This issue was patched in Next.js 14.2.15 and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatical...

7.5CVSS7.4AI score0.03961EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder