Tag

CVE-2024-34351

Rare Earth Juejin Tech Community
Jul 14, 2024 · Information Security

The Dangers of Host Header Abuse Illustrated by a NextJS SSRF Vulnerability (CVE-2024-34351)

This article demonstrates how a NextJS SSRF vulnerability (CVE-2024-34351) can be exploited by abusing the HTTP Host header, walks through the underlying code, reproduces the attack to retrieve a protected flag file, and discusses mitigation strategies for developers.

CVE-2024-34351 · Host header · SSRF
0 likes · 11 min read