Fix CVE-2024-34351 in Next.js HIGH
Fix CVE-2024-34351 (server-side request forgery in Host header) in Next.js for npm. Paste your package.json into PackageFix and get a patched version back — no CLI, no signup.
⚠ Vulnerability
CVE-2024-34351 — server-side request forgery in Host header in Next.js. Update to 14.1.1 or later.
Vulnerable Version — package.json
"next": "14.0.0"
Fixed Version — package.json
"next": "14.1.1"
✓ Fix
Update to 14.1.1 and run npm install to apply the fix.
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
What is CVE-2024-34351?
CVE-2024-34351 is a vulnerability in Next.js that allows server-side request forgery in Host header. Update to version 14.1.1 or later to fix it.
Is CVE-2024-34351 on the CISA KEV catalog?
Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.
How do I fix CVE-2024-34351 in Next.js?
Update Next.js to version 14.1.1 or later in your package.json. Run npm install after updating.
Does CVE-2024-34351 affect all versions of Next.js?
Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.