{"vulnerability": "CVE-2024-34351", "sightings": [{"uuid": "3e093856-26b4-4370-9d70-cccedc688f10", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://gist.github.com/tuannguyenx2024/8e367a0089f96d8a24996b10f608c5b3", "content": "", "creation_timestamp": "2026-02-10T16:39:07.000000Z"}, {"uuid": "1d575d51-31e4-4333-964e-4828f5ab0187", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://gist.github.com/parameciumzhang/6f62cee5cf4bf3d4531636d086d5418e", "content": "", "creation_timestamp": "2025-12-12T03:37:29.000000Z"}, {"uuid": "7584da72-0410-4f89-83e5-99187d10db2c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/126", "content": "\ud83d\udea8Alert\ud83d\udea8CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\ud83d\udd25PoC: https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps#/ \n\u26a0A SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. 
If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\ud83d\udcca3.1M+ Services are found on  hunter.how\n\ud83d\udd17Hunter Link: https://hunter.how/list?searchValue=product.name%3D%22Next.js%22 \n\ud83d\udcf0Refer: https://github.com/advisories/GHSA-fr5h-rqp8-mj6g \nHunter:/product.name=\"Next.js\"\nFOFA:app=\"Next.js\"\nSHODAN:http.component:\"Next.js\"", "creation_timestamp": "2024-05-10T12:42:38.000000Z"}, {"uuid": "e938c068-daae-4708-abb7-e97d977f63ac", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/8331", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01 \n\n\u66f4\u65b0\u4e86\uff1aCVE-2024\n\u63cf\u8ff0\uff1aPoC for a full exploitation of NextJS SSRF (CVE-2024-34351) \nURL\uff1ahttps://github.com/God4n/nextjs-CVE-2024-34351-_exploit\n\n\u6807\u7b7e\uff1a#CVE-2024", "creation_timestamp": "2024-08-22T19:26:38.000000Z"}, {"uuid": "0a0ef3e2-90e0-4c06-9caf-354a647f53e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://t.me/cyberbannews_ir/11846", "content": "\ud83e\ude99 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Request Smuggling \u0648 SSRF \u062f\u0631 Next.js\n\n\ud83d\udd39\u062f\u0648 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u0627 \u0634\u0646\u0627\u0633\u0647\u200c\u0647\u0627\u06cc CVE-2024-34350 \u0648 CVE-2024-34351 \u0648 \u0634\u062f\u062a\u200c\u0647\u0627\u06cc \u0628\u0627\u0644\u0627 \u062f\u0631 \u0628\u0631\u062e\u06cc \u0627\u0632 \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc Next.js 
\u06a9\u0634\u0641 \u0634\u062f\u0647\u200c\u0627\u0646\u062f \u06a9\u0647 \u0645\u0631\u0628\u0648\u0637 \u0628\u0647 Response queue poisoning \u0648 SSRF \u0645\u06cc\u200c\u0628\u0627\u0634\u0646\u062f.\n\u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc Response queue poisoning \u0628\u0647 \u062f\u0644\u06cc\u0644 \u062a\u0641\u0633\u06cc\u0631 \u0646\u0627\u0633\u0627\u0632\u06af\u0627\u0631 \u062f\u0631\u062e\u0648\u0627\u0633\u062a\u200c\u0647\u0627\u06cc HTTP \u0628\u0647 \u0648\u062c\u0648\u062f \u0622\u0645\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u06af\u0627\u0647\u06cc \u0628\u0647 \u0639\u0646\u0648\u0627\u0646 \u06cc\u06a9 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u0648 \u06af\u0627\u0647\u06cc \u062f\u0648 \u062f\u0631\u062e\u0648\u0627\u0633\u062a \u062c\u062f\u0627\u06af\u0627\u0646\u0647 \u062a\u0641\u0633\u06cc\u0631 \u0645\u06cc\u200c\u0634\u0648\u0646\u062f. \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc SSRF \u0628\u0647 \u062f\u0644\u06cc\u0644 \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0627\u0632 \u06cc\u06a9 \u0645\u0648\u0644\u0641\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631 \u062f\u0631 Next.js \u0627\u06cc\u062c\u0627\u062f \u0634\u062f\u0647 \u0627\u0633\u062a \u06a9\u0647 \u0628\u0647 \u0637\u0648\u0631 \u067e\u06cc\u0634\u200c\u0641\u0631\u0636 \u0641\u0639\u0627\u0644 \u0645\u06cc\u200c\u0628\u0627\u0634\u062f.\n\n\ud83d\udd18 \u06af\u0632\u0627\u0631\u0634 \u06a9\u0627\u0645\u0644 \n\n#\u0622\u0633\u06cc\u0628_\u067e\u0630\u06cc\u0631\u06cc\n\n\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\ud83d\udd38\n\ud83e\udda0 @cyberbannews_ir", "creation_timestamp": "2024-05-13T08:31:07.000000Z"}, {"uuid": "2f80159d-ccc9-46e3-b1c3-769f29ba710a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": 
"https://t.me/poxek/4009", "content": "\ud83d\udea8Alert\ud83d\udea8CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\ud83d\udd25PoC: https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps#/ \n\u26a0A SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\ud83d\udcca3.1M+ Services are found on  hunter.how\n\ud83d\udd17Hunter Link: https://hunter.how/list?searchValue=product.name%3D%22Next.js%22 \n\ud83d\udcf0Refer: https://github.com/advisories/GHSA-fr5h-rqp8-mj6g \nHunter:/product.name=\"Next.js\"\nFOFA:app=\"Next.js\"\nSHODAN:http.component:\"Next.js\"\n#NextJS #SSRF #Vulnerability", "creation_timestamp": "2024-05-10T12:02:39.000000Z"}, {"uuid": "4ebc7eb4-2be8-49b3-986d-9208467ddb81", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://t.me/MrVGunz/1105", "content": "CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\nA SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. 
If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\n\ud83c\udfaf Poc\n\ud83d\udcda Refer\n\n\ud83d\udd39\ufe0f @hack_authenticator", "creation_timestamp": "2024-05-12T15:41:34.000000Z"}, {"uuid": "92d10bc8-bd29-4371-b42e-3b2676b69b95", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "seen", "source": "https://t.me/HackingInsights/286", "content": "\u200aCVE-2024-34350 & CVE-2024-34351: Two Vulnerabilities Patched in Popular Next.js Framework\n\nhttps://securityonline.info/cve-2024-34350-cve-2024-34351-two-vulnerabilities-patched-in-popular-next-js-framework/", "creation_timestamp": "2024-05-11T10:13:49.000000Z"}, {"uuid": "88ed1403-a5d1-44be-a065-4f31e8d55b8c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34351", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/2494", "content": "https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps\n\nCVE-2024-34351\n#\u5206\u6790 #poc", "creation_timestamp": "2024-05-15T21:48:21.000000Z"}]}