{"uuid": "9c88f825-bd41-43e3-b134-e625f734302f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "GHSA-FR5H-RQP8-MJ6G", "type": "published-proof-of-concept", "source": "https://t.me/hackingbra/126", "content": "\ud83d\udea8Alert\ud83d\udea8CVE-2024-34351:Next.js Server-Side Request Forgery in Server Actions\n\ud83d\udd25PoC: https://www.assetnote.io/resources/research/digging-for-ssrf-in-nextjs-apps#/ \n\u26a0An SSRF vulnerability was identified in Next.js Server Actions by security researchers at Assetnote. If the Host header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself.\n\ud83d\udcca3.1M+ Services are found on hunter.how\n\ud83d\udd17Hunter Link: https://hunter.how/list?searchValue=product.name%3D%22Next.js%22 \n\ud83d\udcf0Refer: https://github.com/advisories/GHSA-fr5h-rqp8-mj6g \nHunter:/product.name=\"Next.js\"\nFOFA:app=\"Next.js\"\nSHODAN:http.component:\"Next.js\"", "creation_timestamp": "2024-05-10T12:42:38.000000Z"}