CVE-2024-51479
CVSS V2 None
CVSS V3 None
Description
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability.
Overview
- CVE ID
- CVE-2024-51479
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-12-17T18:13:02.806Z
- Last Modified Date
- 2024-12-17T20:36:28.402Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f | x_refsource_CONFIRM |
https://github.com/vercel/next.js/releases/tag/v14.2.15 | x_refsource_MISC |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-51479 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51479 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-12-18 13:05:11 | Added to TrackCVE |