BlockBeats reported that on May 10, SlowMist Chief Information Security Officer 23pds said that the well-known React front-end development framework Next.js was found to have an SSRF vulnerability (CVE-2024-34351), which can be exploited by attackers to read arbitrary files on the server.
23pds pointed out that a large number of platforms in the crypto industry are built with the Next.js framework and will face serious security risks if the vulnerability is not fixed in time. An official patch has been released, and the vulnerability can be fixed by upgrading Next.js to the latest version, v14.1.1.
SSRF (Server-Side Request Forgery) is a vulnerability in which an attacker crafts input that causes the server itself to initiate a request. The targets of SSRF attacks are generally internal systems that cannot be reached from the external network.