
Exploit for Next.js - Server Side Request Forgery (SSRF) (CVE-2024-34351)

Description:

Next.js versions below 14.1.1 have a built-in image optimization component that is prone to SSRF.

Nuclei Template

View the template here: CVE-2024-34351.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-34351.yaml

References:

https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g
https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085
https://github.com/vercel/next.js/pull/62561
https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps
https://nvd.nist.gov/vuln/detail/CVE-2024-34351