← Back to CVE List

CVE-2024-51479

Published: 2024-12-17T19:15Z
Last Modified: 2024-12-17T19:15Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt