{"id":"CVE-2024-34351","summary":"Next.js Server-Side Request Forgery in Server Actions","details":"Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`.","aliases":["GHSA-fr5h-rqp8-mj6g"],"modified":"2026-04-10T05:12:53.818352Z","published":"2024-05-09T16:14:16.236Z","related":["CGA-39w9-hrr6-46f9"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34351.json","cwe_ids":["CWE-918"],"cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/34xxx/CVE-2024-34351.json"},{"type":"ADVISORY","url":"https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-34351"},{"type":"FIX","url":"https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085"},{"type":"FIX","url":"https://github.com/vercel/next.js/pull/62561"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vercel/next.js","events":[{"introduced":"fb12a6dc877c5ce2f21246f4921494a1b8e356a6"},{"fixed":"5f59ee5f197a09275da7a9fa876986f22f4b7711"}]}],"versions":["v13.4.0","v13.4.1","v13.4.1-canary.0","v13.4.1-canary.1","v13.4.1-canary.2","v13.4.10","v13.4.10-canary.0","v13.4.10-canary.1","v13.4.10-canary.2","v13.4.10-canary.3","v13.4.10-canary.4","v13.4.10-canary.5","v13.4.10-canary.6","v13.4.10-canary.7","v13.4.10-canary.8","v13.4.11","v13.4.11-canary.0","v13.4.11-canary.1","v13.4.11-canary.2","v13.4.12","v13.4.13","v13.4.13-canary.0","v13.4.13-canary.1","v13.4.13-canary.10","v13.4.13-canary.11","v13.4.13-canary.12","v13.4.13-canary.13","v13.4.13-canary.14","v13.4.13-canary.15","v13.4.13-canary.16","v13.4.13-canary.17","v13.4.13-canary.18","v13.4.13-canary.2","v13.4.13-canary.3","v13.4.13-canary.4","v13.4.13-canary.5","v13.4.13-canary.6","v13.4.13-canary.7","v13.4.13-canary.8","v13.4.13-canary.9","v13.4.14","v13.4.14-canary.0","v13.4.14-canary.1","v13.4.14-canary.2","v13.4.14-canary.3","v13.4.14-canary.4","v13.4.14-canary.5","v13.4.15","v13.4.15-canary.0","v13.4.16","v13.4.16-canary.0","v13.4.16-canary.1","v13.4.17","v13.4.17-canary.0","v13.4.17-canary.1","v13.4.17-canary.2","v13.4.18","v13.4.18-canary.0","v13.4.19","v13.4.19-canary.0","v13.4.2","v13.4.2-canary.0","v13.4.2-canary.1","v13.4.2-canary.2","v13.4.2-canary.3","v13.4.2-canary.4","v13.4.2-canary.5","v13.4.2-canary.6","v13.4.20-canary.0","v13.4.20-canary.1","v13.4.20-canary.10","v13.4.20-canary.11","v13.4.20-canary.12","v13.4.20-canary.13","v13.4.20-canary.14","v13.4.20-canary.15","v13.4.20-canary.16","v13.4.20-canary.17","v13.4.20-canary.18","v13.4.20-canary.19","v13.4.20-canary.2","v13.4.20-canary.20","v13.4.20-canary.21","v13.4.20-canary.22","v13.4.20-canary.23","v13.4.20-canary.24","v13.4.20-canary.25","v13.4.20-canary.26","v13.4.20-canary.27","v13.4.20-canary.28","v13.4.20-canary.29","v13.4.20-canary.3","v13.4.20-canary.31","v13.4.20-canary.32","v13.4.20-canary.33","v13.4.20-canary.34","v13.4.20-canary.35","v13.4.20-canary.36","v13.4.20-canary.37","v13.4.20-canary.38","v13.4.20-canary.39","v13.4.20-canary.4","v13.4.20-canary.40","v13.4.20-canary.41","v13.4.20-canary.5","v13.4.20-canary.6","v13.4.20-canary.7","v13.4.20-canary.8","v13.4.20-canary.9","v13.4.3","v13.4.3-canary.0","v13.4.3-canary.1","v13.4.3-canary.2","v13.4.3-canary.3","v13.4.4","v13.4.4-canary.0","v13.4.4-canary.1","v13.4.4-canary.10","v13.4.4-canary.11","v13.4.4-canary.12","v13.4.4-canary.13","v13.4.4-canary.2","v13.4.4-canary.3","v13.4.4-canary.4","v13.4.4-canary.5","v13.4.4-canary.6","v13.4.4-canary.7","v13.4.4-canary.8","v13.4.4-canary.9","v13.4.5","v13.4.5-canary.0","v13.4.5-canary.1","v13.4.5-canary.10","v13.4.5-canary.11","v13.4.5-canary.12","v13.4.5-canary.2","v13.4.5-canary.3","v13.4.5-canary.4","v13.4.5-canary.5","v13.4.5-canary.6","v13.4.5-canary.7","v13.4.5-canary.8","v13.4.5-canary.9","v13.4.6","v13.4.6-canary.0","v13.4.6-canary.1","v13.4.6-canary.2","v13.4.6-canary.3","v13.4.6-canary.4","v13.4.6-canary.5","v13.4.6-canary.6","v13.4.6-canary.7","v13.4.6-canary.8","v13.4.7","v13.4.7-canary.0","v13.4.7-canary.1","v13.4.7-canary.2","v13.4.7-canary.3","v13.4.7-canary.4","v13.4.8","v13.4.8-canary.0","v13.4.8-canary.1","v13.4.8-canary.10","v13.4.8-canary.11","v13.4.8-canary.12","v13.4.8-canary.13","v13.4.8-canary.14","v13.4.8-canary.15","v13.4.8-canary.2","v13.4.8-canary.3","v13.4.8-canary.4","v13.4.8-canary.5","v13.4.8-canary.6","v13.4.8-canary.7","v13.4.8-canary.8","v13.4.8-canary.9","v13.4.9","v13.4.9-canary.0","v13.4.9-canary.1","v13.4.9-canary.2","v13.4.9-canary.3","v13.5.0","v13.5.1","v13.5.1-canary.0","v13.5.1-canary.1","v13.5.2","v13.5.2-canary.0","v13.5.2-canary.1","v13.5.2-canary.2","v13.5.3","v13.5.3-canary.0","v13.5.3-canary.1","v13.5.3-canary.3","v13.5.3-canary.4","v13.5.4","v13.5.4-canary.0","v13.5.4-canary.1","v13.5.4-canary.11","v13.5.4-canary.2","v13.5.4-canary.3","v13.5.4-canary.4","v13.5.4-canary.5","v13.5.4-canary.6","v13.5.4-canary.7","v13.5.4-canary.8","v13.5.4-canary.9","v13.5.5","v13.5.5-canary.0","v13.5.5-canary.1","v13.5.5-canary.10","v13.5.5-canary.11","v13.5.5-canary.12","v13.5.5-canary.13","v13.5.5-canary.14","v13.5.5-canary.15","v13.5.5-canary.16","v13.5.5-canary.17","v13.5.5-canary.18","v13.5.5-canary.19","v13.5.5-canary.2","v13.5.5-canary.3","v13.5.5-canary.4","v13.5.5-canary.5","v13.5.5-canary.6","v13.5.5-canary.7","v13.5.5-canary.8","v13.5.5-canary.9","v13.5.6-canary.0","v13.5.6-canary.1","v13.5.6-canary.2","v13.5.6-canary.3","v13.5.6-canary.4","v13.5.6-canary.5","v13.5.6-canary.6","v13.5.6-canary.7","v13.5.6-canary.8","v13.5.7-canary.10","v13.5.7-canary.11","v13.5.7-canary.12","v13.5.7-canary.13","v13.5.7-canary.14","v13.5.7-canary.15","v13.5.7-canary.16","v13.5.7-canary.17","v13.5.7-canary.18","v13.5.7-canary.19","v13.5.7-canary.20","v13.5.7-canary.21","v13.5.7-canary.22","v13.5.7-canary.23","v13.5.7-canary.24","v13.5.7-canary.25","v13.5.7-canary.26","v13.5.7-canary.27","v13.5.7-canary.29","v13.5.7-canary.30","v13.5.7-canary.31","v13.5.7-canary.33","v13.5.7-canary.34","v13.5.7-canary.35","v13.5.7-canary.36","v13.5.7-canary.37","v13.5.7-canary.9","v14.0.0","v14.0.1","v14.0.1-canary.0","v14.0.1-canary.1","v14.0.1-canary.2","v14.0.1-canary.3","v14.0.1-canary.4","v14.0.1-canary.5","v14.0.2","v14.0.2-canary.0","v14.0.2-canary.1","v14.0.2-canary.10","v14.0.2-canary.11","v14.0.2-canary.12","v14.0.2-canary.13","v14.0.2-canary.14","v14.0.2-canary.15","v14.0.2-canary.16","v14.0.2-canary.17","v14.0.2-canary.18","v14.0.2-canary.19","v14.0.2-canary.2","v14.0.2-canary.20","v14.0.2-canary.21","v14.0.2-canary.22","v14.0.2-canary.23","v14.0.2-canary.24","v14.0.2-canary.25","v14.0.2-canary.26","v14.0.2-canary.27","v14.0.2-canary.3","v14.0.2-canary.4","v14.0.2-canary.5","v14.0.2-canary.6","v14.0.2-canary.7","v14.0.2-canary.8","v14.0.2-canary.9","v14.0.3","v14.0.3-canary.0","v14.0.3-canary.1","v14.0.3-canary.10","v14.0.3-canary.11","v14.0.3-canary.12","v14.0.3-canary.2","v14.0.3-canary.3","v14.0.3-canary.4","v14.0.3-canary.5","v14.0.3-canary.6","v14.0.3-canary.7","v14.0.3-canary.8","v14.0.3-canary.9","v14.0.4","v14.0.4-canary.0","v14.0.4-canary.1","v14.0.4-canary.10","v14.0.4-canary.11","v14.0.4-canary.12","v14.0.4-canary.13","v14.0.4-canary.14","v14.0.4-canary.15","v14.0.4-canary.16","v14.0.4-canary.17","v14.0.4-canary.18","v14.0.4-canary.19","v14.0.4-canary.2","v14.0.4-canary.20","v14.0.4-canary.21","v14.0.4-canary.22","v14.0.4-canary.23","v14.0.4-canary.24","v14.0.4-canary.25","v14.0.4-canary.26","v14.0.4-canary.27","v14.0.4-canary.28","v14.0.4-canary.29","v14.0.4-canary.3","v14.0.4-canary.30","v14.0.4-canary.31","v14.0.4-canary.32","v14.0.4-canary.33","v14.0.4-canary.34","v14.0.4-canary.35","v14.0.4-canary.36","v14.0.4-canary.37","v14.0.4-canary.38","v14.0.4-canary.39","v14.0.4-canary.4","v14.0.4-canary.40","v14.0.4-canary.41","v14.0.4-canary.42","v14.0.4-canary.43","v14.0.4-canary.44","v14.0.4-canary.45","v14.0.4-canary.46","v14.0.4-canary.47","v14.0.4-canary.48","v14.0.4-canary.49","v14.0.4-canary.5","v14.0.4-canary.6","v14.0.4-canary.7","v14.0.4-canary.8","v14.0.4-canary.9","v14.0.5-canary.0","v14.0.5-canary.1","v14.0.5-canary.10","v14.0.5-canary.11","v14.0.5-canary.12","v14.0.5-canary.13","v14.0.5-canary.14","v14.0.5-canary.15","v14.0.5-canary.16","v14.0.5-canary.17","v14.0.5-canary.18","v14.0.5-canary.19","v14.0.5-canary.2","v14.0.5-canary.20","v14.0.5-canary.21","v14.0.5-canary.22","v14.0.5-canary.23","v14.0.5-canary.24","v14.0.5-canary.25","v14.0.5-canary.26","v14.0.5-canary.27","v14.0.5-canary.28","v14.0.5-canary.29","v14.0.5-canary.3","v14.0.5-canary.30","v14.0.5-canary.31","v14.0.5-canary.32","v14.0.5-canary.33","v14.0.5-canary.34","v14.0.5-canary.35","v14.0.5-canary.36","v14.0.5-canary.37","v14.0.5-canary.38","v14.0.5-canary.39","v14.0.5-canary.4","v14.0.5-canary.40","v14.0.5-canary.41","v14.0.5-canary.42","v14.0.5-canary.43","v14.0.5-canary.44","v14.0.5-canary.45","v14.0.5-canary.46","v14.0.5-canary.47","v14.0.5-canary.48","v14.0.5-canary.49","v14.0.5-canary.5","v14.0.5-canary.50","v14.0.5-canary.51","v14.0.5-canary.52","v14.0.5-canary.53","v14.0.5-canary.54","v14.0.5-canary.55","v14.0.5-canary.56","v14.0.5-canary.57","v14.0.5-canary.58","v14.0.5-canary.59","v14.0.5-canary.6","v14.0.5-canary.60","v14.0.5-canary.61","v14.0.5-canary.62","v14.0.5-canary.63","v14.0.5-canary.64","v14.0.5-canary.65","v14.0.5-canary.66","v14.0.5-canary.67","v14.0.5-canary.68","v14.0.5-canary.7","v14.0.5-canary.8","v14.0.5-canary.9","v14.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-34351.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}