Vercel Next.js 13.4.0 for Node.js
cpe:2.3:a:vercel:next.js:13.4.0:*:*:*:*:node.js:*:*
part: a version: 13.4.0 update: *
| Vendor | Vercel (5676cb1a-0d7f-5c57-9405-b569f0c482e7) |
|---|---|
| Product | Next.Js (291cbef7-fa11-595c-86e3-5c00f9c5cf94) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | node.js |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| pkg:github/vercel/next.js | purl2cpe | 2026-06-01 10:11:38.620955 |
| pkg:sourceforge/next-js.mirror | purl2cpe | 2026-06-01 10:11:38.620956 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2024-34351 | vulnerable | 2026-06-08 06:37:33.154759 | Next.js Server-Side Request Forgery in Server Actions; HIGH (7.5). Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`. Published: 2024-05-09T16:14:16.236Z; Updated: 2024-08-02T02:51:09.867Z | Imported from gcve-enriched-dumps CVE data |