cve-2024-34351
Vulnerability from cvelistv5
Published
2024-05-09 16:14
Modified
2024-08-02 02:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.
References
security-advisories@github.comhttps://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085
security-advisories@github.comhttps://github.com/vercel/next.js/pull/62561
security-advisories@github.comhttps://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g
af854a3a-2127-422b-91ae-364da2661108https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085
af854a3a-2127-422b-91ae-364da2661108https://github.com/vercel/next.js/pull/62561
af854a3a-2127-422b-91ae-364da2661108https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:vercel:next.js:13.4.0:*:*:*:*:node.js:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "next.js",
            "vendor": "vercel",
            "versions": [
              {
                "lessThan": "14.1.1",
                "status": "affected",
                "version": "13.4.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-34351",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-10T18:01:14.735549Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:41:46.205Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T02:51:09.867Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
          },
          {
            "name": "https://github.com/vercel/next.js/pull/62561",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vercel/next.js/pull/62561"
          },
          {
            "name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "next.js",
          "vendor": "vercel",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 13.4.0, \u003c 14.1.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-918",
              "description": "CWE-918: Server-Side Request Forgery (SSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-05-09T16:14:16.236Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"
        },
        {
          "name": "https://github.com/vercel/next.js/pull/62561",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/pull/62561"
        },
        {
          "name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"
        }
      ],
      "source": {
        "advisory": "GHSA-fr5h-rqp8-mj6g",
        "discovery": "UNKNOWN"
      },
      "title": "Next.js Server-Side Request Forgery in Server Actions"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-34351",
    "datePublished": "2024-05-09T16:14:16.236Z",
    "dateReserved": "2024-05-02T06:36:32.438Z",
    "dateUpdated": "2024-08-02T02:51:09.867Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-34351\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-05-14T15:38:42.563\",\"lastModified\":\"2024-11-21T09:18:29.133\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.\"},{\"lang\":\"es\",\"value\":\"Next.js es un framework React que puede proporcionar componentes b\u00e1sicos para crear aplicaciones web. Se identific\u00f3 una vulnerabilidad de Server Side Request Forgery (SSRF) en las acciones del servidor Next.js. Si se modifica el encabezado \\\"Host\\\" y tambi\u00e9n se cumplen las condiciones siguientes, un atacante puede realizar solicitudes que parecen originarse en el propio servidor de aplicaciones Next.js. Las condiciones requeridas son 1) Next.js se ejecuta de forma autohospedada; 2) la aplicaci\u00f3n Next.js utiliza acciones del servidor; y 3) la Acci\u00f3n del Servidor realiza una redirecci\u00f3n a una ruta relativa que comienza con `/`. Esta vulnerabilidad se solucion\u00f3 en Next.js `14.1.1`.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-918\"}]}],\"references\":[{\"url\":\"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vercel/next.js/pull/62561\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vercel/next.js/pull/62561\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.