{"uuid": "26a87997-29fb-4c47-a004-a25bcfcaba0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/356", "content": "\ud83d\udea8CVE-2024-34351: Next.js SSRF in Server Actions\ud83d\udea8 \n \n\ud83d\udce2 Security researchers at Assetnote have identified an SSRF vulnerability in Next.js Server Actions. If the Host header is modified, and certain conditions are met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.  \n \n\ud83d\udcddDorks--->  \nHunter:/product.name=\"Next.js\" \nFOFA:app=\"Next.js\" \nSHODAN:http.component:\"Next.js\" \n \n\ud83d\udd17PoC: https://lnkd.in/gKbjiHVY \n \n\u26a0Stay vigilant and take necessary precautions to protect your applications.", "creation_timestamp": "2024-05-10T20:28:15.000000Z"}