{"vulnerability": "CVE-2024-51479", "sightings": [{"uuid": "2e8ee44f-e7b0-4333-9eaa-8c5a4e86e713", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2024-51479", "type": "seen", "source": "https://infosec.exchange/users/mttaggart/statuses/113683355203817189", "content": "", "creation_timestamp": "2024-12-20T04:52:18.141001Z"}, {"uuid": "6be0b92f-02da-46c9-bde1-a065fdaaaba6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "https://bsky.app/profile/bolhasec.com/post/3ldo4gqssju2e", "content": "", "creation_timestamp": "2024-12-19T14:46:47.588684Z"}, {"uuid": "4f20ecda-f9ed-4e8f-b187-388be38e4db9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113669566323116247", "content": "", "creation_timestamp": "2024-12-17T18:25:35.808340Z"}, {"uuid": "683fdcc7-5486-43d9-8c9b-70c817b3bdae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-09-10T07:48:00.000000Z"}, {"uuid": "a075a18b-ee27-4ab7-8415-bd0afdf46b9a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "https://t.me/cvedetector/13124", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-51479 - Vercel Next.js Root Directory Authorization Bypass\", \n  \"Content\": \"CVE ID : CVE-2024-51479 \nPublished : Dec. 17, 2024, 7:15 p.m. | 34\u00a0minutes ago \nDescription : Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `` * [Affected] `` * [Not affected] ``. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"17 Dec 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-12-17T20:57:59.000000Z"}, {"uuid": "cd9fb7d5-4984-437c-84b9-b33efdc4770e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "MISP/f2f93f16-9318-44b1-9be3-2d3346ca540c", "content": "", "creation_timestamp": "2025-08-10T18:27:45.000000Z"}, {"uuid": "1dd6d475-8c40-4e87-8a30-c9264db78f0a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "published-proof-of-concept", "source": "https://t.me/suboxone_chatroom/7709", "content": "\ud83c\udf00 This is wild!\n\nYou\u2019ve probably seen the buzz around the Next.js middleware auth bypass (CVE-2025-29927) \u2014 but there\u2019s another less-known yet similar vulnerability: CVE-2024-51479.\n\nThis flaw allows attackers to bypass authentication by abusing the __nextLocale query parameter in the URL, tricking the middleware into granting access to protected routes.\n\nProof of Concept (PoC):\n\ncurl https://target.com/?__nextLocale=/admin\n\nThis vulnerability was fixed in Next.js v14.2.15, and Vercel-hosted apps have already been patched automatically.\n\nI found a very cool article explaining everything in detail:\n\nhttps://gmo-cybersecurity.com/blog/another-nextjs-middleware-bypass-en", "creation_timestamp": "2025-04-06T23:09:44.000000Z"}, {"uuid": "04104f13-934f-4154-b257-ffb9cdc9c3b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-51479", "type": "seen", "source": "Telegram/lXRzYknB6SBUTd3lazzYxB5xeOdU1Cklky9RaxLfOhf4z6Qw", "content": "", "creation_timestamp": "2025-02-23T20:21:25.000000Z"}]}