Authorization Bypass Vulnerability in Next.js Framework
CVE-2024-51479

Currently unrated

Key Information:

Vendor: Vercel
CVE Published: 17 December 2024

Badges

📈 Score: 530 | 👾 Exploit Exists | 📰 News Worthy

Summary

CVE-2024-51479 is a critical vulnerability affecting the Next.js framework, which is widely used for building full-stack web applications. In versions prior to 14.2.15, a flaw exists in the authorization mechanism within middleware where pathname-based authorization can be bypassed. This means unauthorized users may access pages directly under the application's root directory, compromising the integrity of web applications. Next.js applications hosted on Vercel have automatic mitigation against this vulnerability, ensuring that even older versions are protected. No official workarounds are available; thus, updating to version 14.2.15 or later is strongly recommended to safeguard against potential exploits.

News Articles

Next.js Vulnerability Let Attackers Bypass Authentication

A high-severity vulnerability has been discovered in the popular web framework, Next.js, which allows attackers to bypass authentication.

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published