cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34351,https://securityvulnerability.io/vulnerability/CVE-2024-34351,Server-Side Request Forgery (SSRF) vulnerability in Next.js Server Actions,"A vulnerability has been identified in the Next.js framework that allows Server-Side Request Forgery (SSRF) under specific conditions. This flaw arises when the 'Host' header is modified in a self-hosted Next.js environment. Particularly, if the application utilizes Server Actions and those actions perform redirects to relative paths starting with '/', an attacker could exploit this by making requests that seem to originate from the Next.js application server itself. The issue has been addressed and fixed in version 14.1.1 of Next.js.",Vercel,Next.js,7.5,HIGH,0.001019999966956675,false,,true,false,true,2024-05-11T05:39:10.000Z,true,true,true,2024-05-10T11:52:02.702Z,2024-05-14T15:38:00.000Z,17162
CVE-2024-46982,https://securityvulnerability.io/vulnerability/CVE-2024-46982,Next.js vulnerability: Poisoned cache could expose sensitive data,"A cache poisoning vulnerability exists in the Next.js framework, which is widely used for building full-stack web applications. This vulnerability allows an attacker to send a specially crafted HTTP request that can manipulate the cache of non-dynamic server-side rendered routes. Specifically, it affects routes handled by the pages router when configured incorrectly, enabling the caching of content that should remain uncached. Affected versions, from 13.5.1 to 14.2.9, may inadvertently send a `Cache-Control: s-maxage=1, stale-while-revalidate` header, which may influence upstream Content Delivery Networks (CDNs) to cache responses. The only resolution to mitigate this issue is to upgrade to Next.js versions 13.5.7, 14.2.10, or later. Users are encouraged to apply the patch without delay, as there are no recommended workarounds available.",Vercel,Next.js,7.5,HIGH,0.00044999999227002263,false,,true,false,true,2024-12-14T18:14:01.000Z,true,true,false,,2024-09-17T22:15:00.000Z,8028