Add CVE-2024-51479 for next.js

RetireJS · Dec 29, 2024 · c57c288 · c57c288
1 parent 17e9c12
commit c57c288
Show file tree

Hide file tree

Showing 5 changed files with 115 additions and 0 deletions.
diff --git a/repository/jsrepository-master.json b/repository/jsrepository-master.json
@@ -5193,6 +5193,29 @@
   "nextjs": {
     "npmname": "next",
     "vulnerabilities": [
+      {
+        "ranges": [
+          {
+            "atOrAbove": "9.5.5",
+            "below": "14.2.15"
+          }
+        ],
+        "summary": "Next.js authorization bypass vulnerability",
+        "cwe": ["CWE-285"],
+        "severity": "high",
+        "identifiers": {
+          "CVE": ["CVE-2024-51479"],
+          "githubID": "GHSA-7gfc-8cq8-jh5f"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+          "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+          "https://github.com/vercel/next.js",
+          "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+        ]
+      },
       {
         "ranges": [
           {

diff --git a/repository/jsrepository-v2.json b/repository/jsrepository-v2.json
@@ -7059,6 +7059,29 @@
           "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
           "https://github.com/vercel/next.js"
         ]
+      },
+      {
+        "atOrAbove": "9.5.5",
+        "below": "14.2.15",
+        "cwe": [
+          "CWE-285"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js authorization bypass vulnerability",
+          "CVE": [
+            "CVE-2024-51479"
+          ],
+          "githubID": "GHSA-7gfc-8cq8-jh5f"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+          "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+          "https://github.com/vercel/next.js",
+          "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+        ]
       }
     ],
     "extractors": {

diff --git a/repository/jsrepository-v3.json b/repository/jsrepository-v3.json
@@ -7221,6 +7221,29 @@
             "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
             "https://github.com/vercel/next.js"
           ]
+        },
+        {
+          "atOrAbove": "9.5.5",
+          "below": "14.2.15",
+          "cwe": [
+            "CWE-285"
+          ],
+          "severity": "high",
+          "identifiers": {
+            "summary": "Next.js authorization bypass vulnerability",
+            "CVE": [
+              "CVE-2024-51479"
+            ],
+            "githubID": "GHSA-7gfc-8cq8-jh5f"
+          },
+          "info": [
+            "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
+            "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+            "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+            "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+            "https://github.com/vercel/next.js",
+            "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+          ]
         }
       ],
       "extractors": {

diff --git a/repository/jsrepository-v4.json b/repository/jsrepository-v4.json
@@ -7220,6 +7220,29 @@
           "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
           "https://github.com/vercel/next.js"
         ]
+      },
+      {
+        "atOrAbove": "9.5.5",
+        "below": "14.2.15",
+        "cwe": [
+          "CWE-285"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js authorization bypass vulnerability",
+          "CVE": [
+            "CVE-2024-51479"
+          ],
+          "githubID": "GHSA-7gfc-8cq8-jh5f"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+          "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+          "https://github.com/vercel/next.js",
+          "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+        ]
       }
     ],
     "extractors": {

diff --git a/repository/jsrepository.json b/repository/jsrepository.json
@@ -6998,6 +6998,29 @@
           "https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda",
           "https://github.com/vercel/next.js"
         ]
+      },
+      {
+        "atOrAbove": "9.5.5",
+        "below": "14.2.15",
+        "cwe": [
+          "CWE-285"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js authorization bypass vulnerability",
+          "CVE": [
+            "CVE-2024-51479"
+          ],
+          "githubID": "GHSA-7gfc-8cq8-jh5f"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-7gfc-8cq8-jh5f",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-51479",
+          "https://github.com/vercel/next.js/commit/1c8234eb20bc8afd396b89999a00f06b61d72d7b",
+          "https://github.com/vercel/next.js",
+          "https://github.com/vercel/next.js/releases/tag/v14.2.15"
+        ]
       }
     ],
     "extractors": {