Vulnerabilities: 1 (via 1 path)
Dependencies: 120
Source: GitHub
Commit: 14b20955


medium severity

Server-Side Request Forgery (SSRF)

  • Vulnerable module: next
  • Introduced through: next@14.1.0

Detailed paths

  • Introduced through: nextjs14-snapshot@ladunjexa/nextjs14-snapshot#14b2095595d095824903159eecb500637816fda4 next@14.1.0
    Remediation: Upgrade to next@14.1.1.

Overview

next is the npm package for Next.js, a React framework.

Affected versions of this package are vulnerable to Server-Side Request Forgery (SSRF) via Host header manipulation. When a Server Action redirects to a relative path, the server builds the absolute URL for its follow-up request from the client-supplied Host header, so an attacker who controls that header can make the server send a request to a host of their choosing. The request appears to originate from the server and can reach hosts that are not directly exposed to the attacker.

Prerequisites:

  1. The application runs Next.js earlier than 14.1.1 and is self-hosted.

  2. The application makes use of Server Actions.

  3. A Server Action performs a redirect to a relative path that starts with a single /.
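The mechanism the prerequisites describe, as an added illustration that is not Next.js source and not code from the nextjs14-snapshot repository: a relative redirect target resolved against the request's Host header (the vulnerable pattern), beside a hardened builder that only accepts hosts from a configured allowlist. ALLOWED_HOSTS, the two sample requests and the function names are assumptions made for this example; the version check applies the affected range stated on this page (next earlier than 14.1.1).

```javascript
// Added illustration of the SSRF described above; not Next.js source code.
// A Server Action redirecting to "/dashboard" makes the server build an
// absolute URL for a follow-up request. The vulnerable builder derives the
// origin from the client-supplied Host header; the hardened one only accepts
// hosts from ALLOWED_HOSTS (an assumed deployment setting, not a Next.js option).

// Constructed sample data: the redirect target and two incoming requests.
const REDIRECT_PATH = '/dashboard';
const normalRequest = {
  headers: { host: 'app.example.com', 'x-forwarded-proto': 'https' },
};
const attackerRequest = {
  headers: { host: 'attacker.example:8080', 'x-forwarded-proto': 'http' },
};

const ALLOWED_HOSTS = new Set(['app.example.com', 'localhost:3000']); // assumed config

// Vulnerable pattern: trusts whatever Host the client sent.
function buildFollowUpUrlVulnerable(req, redirectPath) {
  const proto = req.headers['x-forwarded-proto'] || 'http';
  return new URL(redirectPath, `${proto}://${req.headers.host}`).toString();
}

// Hardened pattern: reject untrusted hosts and protocol-relative targets,
// then confirm that URL resolution stayed on the trusted host.
function buildFollowUpUrlHardened(req, redirectPath) {
  const host = req.headers.host;
  if (!ALLOWED_HOSTS.has(host)) {
    throw new Error(`untrusted Host header: ${host}`);
  }
  if (!redirectPath.startsWith('/') || redirectPath.startsWith('//')) {
    throw new Error(`redirect target must be a single-slash relative path: ${redirectPath}`);
  }
  const proto = req.headers['x-forwarded-proto'] === 'https' ? 'https' : 'http';
  const url = new URL(redirectPath, `${proto}://${host}`);
  // Defence in depth: WHATWG parsing treats "\" like "/" for http(s), so
  // "/\evil.example" would otherwise resolve to a different host.
  if (url.host !== host) {
    throw new Error(`redirect resolved off-host: ${url.host}`);
  }
  return url.toString();
}

// True when the builder would send the server's follow-up request to a host
// outside the allowlist; false when it refuses to build a URL at all.
function isServerRequestHijacked(req, redirectPath, builder) {
  let target;
  try {
    target = new URL(builder(req, redirectPath));
  } catch {
    return false;
  }
  return !ALLOWED_HOSTS.has(target.host);
}

// Affected range as stated in this advisory: next < 14.1.1 (plain x.y.z only).
function isAffectedNextVersion(version) {
  const parts = version.split('.').map(Number);
  if (parts.length !== 3 || parts.some(Number.isNaN)) {
    throw new Error(`not a plain x.y.z version: ${version}`);
  }
  const [major, minor, patch] = parts;
  if (major !== 14) return major < 14;
  if (minor !== 1) return minor < 1;
  return patch < 1;
}

console.log('vulnerable builder:', buildFollowUpUrlVulnerable(attackerRequest, REDIRECT_PATH));
console.log('hijacked (vulnerable):', isServerRequestHijacked(attackerRequest, REDIRECT_PATH, buildFollowUpUrlVulnerable));
console.log('hijacked (hardened):', isServerRequestHijacked(attackerRequest, REDIRECT_PATH, buildFollowUpUrlHardened));
console.log('next@14.1.0 affected:', isAffectedNextVersion('14.1.0'));
```

Run with node; the vulnerable builder turns the attacker's Host header into http://attacker.example:8080/dashboard, which is the request the server would then make. The hardened builder refuses the request before any URL is built, and its final host comparison also catches targets such as "/\evil.example" that pass the single-slash check but resolve elsewhere.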

Remediation

Upgrade next to version 14.1.1 or higher.
