How severe is CVE-2024-34351?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-34351?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2024-34351 - HIGH Severity | CVSS 7.5

Vulnerability Description

Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.

Related Vulnerabilities

CVE-2007-6758

HIGH

CVSS:7.5(High)

Server-side request forgery (SSRF) vulnerability in feed-proxy.php in extjs 5.0.0.

CWE-9182007

CVE-2017-0929

HIGH

CVSS:7.5(High)

DNN (aka DotNetNuke) before 9.2.0 suffers from a Server-Side Request Forgery (SSRF) vulnerability in the DnnImageHandler class. Attackers may be able to access information about internal network resou...

CWE-9182017

CVE-2017-1000419

HIGH

CVSS:7.5(High)

phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar function resulting allowing an attacker to perform port scanning, requesting internal content and potentially attacking such internal ser...

CWE-9182017

CVE-2017-18638

HIGH

CVSS:7.5(High)

send_email in graphite-web/webapp/graphite/composer/views.py in Graphite through 1.1.5 is vulnerable to SSRF. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server re...

CWE-9182017

CVE-2017-3164

HIGH

CVSS:7.5(High)

Server Side Request Forgery in Apache Solr, versions 1.3 until 7.6 (inclusive). Since the "shards" parameter does not have a corresponding whitelist mechanism, a remote attacker with access to the ser...

CWE-9182017

CVE-2018-12809

HIGH

CVSS:7.5(High)

Adobe Experience Manager versions 6.4 and earlier have a Server-Side Request Forgery vulnerability. Successful exploitation could lead to sensitive information disclosure.

CWE-9182018