- Description
- Next.js is a React framework for building full-stack web applications. In affected versions, if a Next.js application performs authorization in middleware based on pathname, that authorization could be bypassed for pages directly under the application's root directory. For example:
  - [Not affected] `https://example.com/`
  - [Affected] `https://example.com/foo`
  - [Not affected] `https://example.com/foo/bar`

  This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.
- Source
- security-advisories@github.com
- NVD status
- Received
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
- security-advisories@github.com
- CWE-285
- Hype score
- Not currently trending
⚠️⚠️ CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers 🎯3m+ Results are found on the https://t.co/PJHuVbigA3 nearly year. 🔗FOFA Link:https://t.co/GXtEDWDNdl FOFA Query:app="NEXT.JS"
@yunus_huse9663
23 Dec 2024
#Vulnerability #AuthorizationBypassVulnerability CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers https://t.co/WuvmhjtQ9U
@Komodosec
20 Dec 2024
CVE-2024-51479: Improper Authorization in Next.js, 7.5 rating❗️ Vuln allows attackers to access files in the root of the app when Next.js is authorized in the middleware. Search at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/r9CE45XrUC #cybersecurity #vulnerability_map http
@Netlas_io
19 Dec 2024
CVE-2024-51479: Next.js authorization bypass vulnerability poc? localhost:3000/admin?__nextLocale=anything
@le4rner
19 Dec 2024
⚠️⚠️ CVE-2024-51479: Next.js Authorization Bypass Vulnerability Affects Millions of Developers 🎯3m+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/Hi9SK1gkXj FOFA Query:app="NEXT.JS" 🔖Refer: https://t.co/Q0jIORzafB #OSINT #FOFA… http
@fofabot
19 Dec 2024
CVE-2024-51479 Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based o… https://t.co/KvtxTd8PRX
@CVEnew
17 Dec 2024