关联漏洞
标题:
Next.js 安全漏洞
(CVE-2024-46982)
描述:Next.js是Vercel开源的一个 React 框架。 Next.js 13.5.1版本至14.2.10之前版本存在安全漏洞。攻击者利用该漏洞通过发送特制HTTP请求,毒害页面路由器中非动态服务器端呈现路由的缓存。
介绍
This is a [Next.js](https://nextjs.org/) project bootstrapped with [`create-next-app`](https://github.com/vercel/next.js/tree/canary/packages/create-next-app).
## Getting Started
First, run the development server:
```bash
npm run dev
# or
yarn dev
# or
pnpm dev
# or
bun run dev
```
Open [http://localhost:3000](http://localhost:3000) with your browser to see the result.
You can start editing the page by modifying `pages/index.js`. The page auto-updates as you edit the file.
[API routes](https://nextjs.org/docs/api-routes/introduction) can be accessed on [http://localhost:3000/api/hello](http://localhost:3000/api/hello). This endpoint can be edited in `pages/api/hello.js`.
The `pages/api` directory is mapped to `/api/*`. Files in this directory are treated as [API routes](https://nextjs.org/docs/api-routes/introduction) instead of React pages.
This project uses [`next/font`](https://nextjs.org/docs/basic-features/font-optimization) to automatically optimize and load Inter, a custom Google Font.
## Learn More
To learn more about Next.js, take a look at the following resources:
- [Next.js Documentation](https://nextjs.org/docs) - learn about Next.js features and API.
- [Learn Next.js](https://nextjs.org/learn) - an interactive Next.js tutorial.
You can check out [the Next.js GitHub repository](https://github.com/vercel/next.js/) - your feedback and contributions are welcome!
## Deploy on Vercel
The easiest way to deploy your Next.js app is to use the [Vercel Platform](https://vercel.com/new?utm_medium=default-template&filter=next.js&utm_source=create-next-app&utm_campaign=create-next-app-readme) from the creators of Next.js.
Check out our [Next.js deployment documentation](https://nextjs.org/docs/deployment) for more details.
文件快照
[4.0K] /data/pocs/e5395b830cf5902e4515f09b4319eedf70ae0c70
├── [ 73] jsconfig.json
├── [ 118] next.config.js
├── [ 290] package.json
├── [ 14K] package-lock.json
├── [4.0K] pages
│ ├── [ 89] about.js
│ ├── [4.0K] api
│ │ └── [ 170] hello.js
│ ├── [ 127] _app.js
│ ├── [ 170] dashboard.js
│ ├── [ 231] _document.js
│ └── [1.1K] index.js
├── [4.0K] public
│ ├── [ 25K] favicon.ico
│ ├── [1.3K] next.svg
│ └── [ 629] vercel.svg
├── [1.7K] README.md
└── [4.0K] styles
├── [2.2K] globals.css
└── [3.8K] Home.module.css
4 directories, 16 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。