
Commit 238ba63

updates
1 parent c87e792 commit 238ba63

1 file changed

+9
-3
lines changed


src/content/changelog/workers/2025-06-17-open-next-ssrf.mdx

Lines changed: 9 additions & 3 deletions
@@ -1,14 +1,20 @@
11
---
2-
title: SSRF vulnerability in opennextjs-cloudflare via /_next/image endpoint
3-
description: A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, which has been automatically mitigated for all existing deployments.
2+
title: SSRF vulnerability in @opennextjs/cloudflare proactively mitigated for all Cloudflare customers
3+
description: Mitigations have been put in place for all existing and future deployments of sites with the Cloudflare adapter for Open Next in response to an identified Server-Side Request Forgery (SSRF) vulnerability in the @opennextjs/cloudflare package
44
products:
55
- workers
66
date: 2025-06-17T01:00:00Z
77
---
88

9+
<<<<<<< HEAD
910
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, which has been automatically mitigated for all Next.js apps deployed to Cloudflare that use the @opennextjs/cloudflare package.
11+
||||||| parent of 0aa4c5a3c9 (updates)
12+
A Server-Side Request Forgery (SSRF) vulnerability was identified in the @opennextjs/cloudflare package, which has been automatically mitigated for all existing deployments.
13+
=======
14+
Mitigations have been put in place for all existing and future deployments of sites with the Cloudflare adapter for Open Next in response to an identified Server-Side Request Forgery (SSRF) vulnerability in the `@opennextjs/cloudflare` package
15+
>>>>>>> 0aa4c5a3c9 (updates)
1016

11-
The vulnerability stems from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed users to proxy arbitrary remote content via the `/_next/image` endpoint.
17+
The vulnerability stemmed from an unimplemented feature in the Cloudflare adapter for Open Next, which allowed users to proxy arbitrary remote content via the `/_next/image` endpoint.
1218

1319
This issue allowed attackers to load remote resources from arbitrary hosts under the victim site's domain for any site deployed using the Cloudflare adapter for Open Next. For example: `https://victim-site.com/_next/image?url=https://attacker.com`. In this example, attacker-controlled content from `attacker.com` is served through the victim site's domain (`victim-site.com`), violating the same-origin policy and potentially misleading users or other services.
1420

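Review bot: the added lines 9 to 15 of this hunk commit unresolved merge-conflict markers (`<<<<<<< HEAD`, `||||||| parent of 0aa4c5a3c9 (updates)`, `=======`, `>>>>>>> 0aa4c5a3c9 (updates)`) into the changelog source, so the MDX now carries three alternative intro paragraphs plus the markers themselves into the rendered page, or breaks the build. Resolve the conflict before merging; the variant that matches the new `description` front matter is the third one, `Mitigations have been put in place for all existing and future deployments of sites with the Cloudflare adapter for Open Next in response to an identified Server-Side Request Forgery (SSRF) vulnerability in the ` + "`@opennextjs/cloudflare`" + ` package`, which, like the new `description` value on added line 3, is also missing its terminal period. The tense change from "stems" to "stemmed" on added line 17 is consistent with the mitigation already being in place and can stay. The commit message "updates" should say what changed, for example that the SSRF changelog entry was reworded.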