CVE-2024-34351

Next.js Server-Side Request Forgery in Server Actions

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.

Next.js es un framework React que puede proporcionar componentes básicos para crear aplicaciones web. Se identificó una vulnerabilidad de Server Side Request Forgery (SSRF) en las acciones del servidor Next.js. Si se modifica el encabezado "Host" y también se cumplen las condiciones siguientes, un atacante puede realizar solicitudes que parecen originarse en el propio servidor de aplicaciones Next.js. Las condiciones requeridas son 1) Next.js se ejecuta de forma autohospedada; 2) la aplicación Next.js utiliza acciones del servidor; y 3) la Acción del Servidor realiza una redirección a una ruta relativa que comienza con `/`. Esta vulnerabilidad se solucionó en Next.js `14.1.1`.

*Credits: N/A

CVSS Scores

GitHubv3.1 7.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2024-05-02 CVE Reserved
2024-05-09 CVE Published
2024-05-12 First Exploit
2024-08-02 CVE Updated
2024-10-12 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-918: Server-Side Request Forgery (SSRF)

CAPEC

References (5)

URL	Tag	Source
https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085	X_refsource_misc
https://github.com/vercel/next.js/pull/62561	X_refsource_misc
https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g	X_refsource_confirm

URL	Date	SRC
https://github.com/Voorivex/CVE-2024-34351	2024-05-12
https://github.com/God4n/nextjs-CVE-2024-34351-_exploit	2024-08-22

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Vercel Search vendor "Vercel"		Next.js Search vendor "Vercel" for product "Next.js"				>= 13.4.0 < 14.1.1 Search vendor "Vercel" for product "Next.js" and version " >= 13.4.0 < 14.1.1"		en		Affected