CVE-2024-51479

CVSS V2 None CVSS V3 None
Description
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.
Overview
  • CVE ID
  • CVE-2024-51479
  • Assigner
  • GitHub_M
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-12-17T18:13:02.806Z
  • Last Modified Date
  • 2024-12-17T20:36:28.402Z
History
Created Old Value New Value Data Type Notes
2024-12-18 13:05:11 Added to TrackCVE