Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Next.js Incorrect Authorization Vulnerability - CVE-2024-51479 - Vulnerability Database
Next.js

Next.js Incorrect Authorization Vulnerability - CVE-2024-51479

High
Reference: CVE-2024-51479
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2024-51479
Title: Next.js Incorrect Authorization Vulnerability
Overview:

Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname it was possible for this authorization to be bypassed for pages directly under the application39s root directory. For example: Not affected https://example.com/ Affected https://example.com/foo Not affected https://example.com/foo/bar. This issue is patched in Next.js 14.2.15 and later. If your Next.js application is hosted on Vercel this vulnerability has been automatically mitigated regardless of Next.js version. There are no official workarounds for this vulnerability.