{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-34351", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-05-02T06:36:32.438Z", "datePublished": "2024-05-09T16:14:16.236Z", "dateUpdated": "2024-08-02T02:51:09.867Z"}, "containers": {"cna": {"title": "Next.js Server-Side Request Forgery in Server Actions", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"}, {"name": "https://github.com/vercel/next.js/pull/62561", "tags": ["x_refsource_MISC"], "url": "https://github.com/vercel/next.js/pull/62561"}, {"name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", "tags": ["x_refsource_MISC"], "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"}], "affected": [{"vendor": "vercel", "product": "next.js", "versions": [{"version": ">= 13.4.0, < 14.1.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-09T16:14:16.236Z"}, "descriptions": [{"lang": "en", "value": "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`."}], "source": {"advisory": "GHSA-fr5h-rqp8-mj6g", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-10T18:01:14.735549Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vercel:next.js:13.4.0:*:*:*:*:node.js:*:*"], "vendor": "vercel", "product": "next.js", "versions": [{"status": "affected", "version": "13.4.0", "lessThan": "14.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:41:46.205Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:09.867Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"}, {"name": "https://github.com/vercel/next.js/pull/62561", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vercel/next.js/pull/62561"}, {"name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/vercel/next.js/pull/62561", "name": "https://github.com/vercel/next.js/pull/62561", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", "name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T02:51:09.867Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-34351", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-05-10T18:01:14.735549Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vercel:next.js:13.4.0:*:*:*:*:node.js:*:*"], "vendor": "vercel", "product": "next.js", "versions": [{"status": "affected", "version": "13.4.0", "lessThan": "14.1.1", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-10T18:02:33.408Z"}, "title": "CISA ADP Vulnrichment"}], "cna": {"title": "Next.js Server-Side Request Forgery in Server Actions", "source": {"advisory": "GHSA-fr5h-rqp8-mj6g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "vercel", "product": "next.js", "versions": [{"status": "affected", "version": ">= 13.4.0, < 14.1.1"}]}], "references": [{"url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/vercel/next.js/pull/62561", "name": "https://github.com/vercel/next.js/pull/62561", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", "name": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-05-09T16:14:16.236Z"}}}, "cveMetadata": {"cveId": "CVE-2024-34351", "state": "PUBLISHED", "dateUpdated": "2024-08-02T02:51:09.867Z", "dateReserved": "2024-05-02T06:36:32.438Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-05-09T16:14:16.236Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "5B519CAE-0AD2-41EA-8483-4930A8558C4D", "versionEndExcluding": "14.1.1", "versionStartIncluding": "13.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`."}, {"lang": "es", "value": "Next.js es un framework React que puede proporcionar componentes b\u00e1sicos para crear aplicaciones web. Se identific\u00f3 una vulnerabilidad de Server Side Request Forgery (SSRF) en las acciones del servidor Next.js. Si se modifica el encabezado \"Host\" y tambi\u00e9n se cumplen las condiciones siguientes, un atacante puede realizar solicitudes que parecen originarse en el propio servidor de aplicaciones Next.js. Las condiciones requeridas son 1) Next.js se ejecuta de forma autohospedada; 2) la aplicaci\u00f3n Next.js utiliza acciones del servidor; y 3) la Acci\u00f3n del Servidor realiza una redirecci\u00f3n a una ruta relativa que comienza con `/`. Esta vulnerabilidad se solucion\u00f3 en Next.js `14.1.1`."}], "id": "CVE-2024-34351", "lastModified": "2025-09-10T15:43:33.553", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-05-14T15:38:42.563", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/vercel/next.js/pull/62561"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/vercel/next.js/pull/62561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T21:06:49.302582+00:00", "updated": "2025-07-13T21:06:49.302643+00:00", "vendors": ["vercel", "vercel$PRODUCT$next.js"]}