# Next.js v16.2.4 Security PoC Collection

Repository `dwisiswant0/next-16.2.4-pocs` (owner: dwisiswant0; primary language: Python; 164 stars, 36 forks, 39 watchers; default branch `base`; not archived, not a fork). Repository description: "Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572)". Homepage: https://neo.projectdiscovery.io/share/d250e203-4313-4be3-b108-837c2f8ea693. Indexed 2026-06-11 03:32:13; metadata last updated 2026-06-12 04:00:55.

This repository collects reverse-engineered proof-of-concept material for the security issues fixed in Next.js `v16.2.5` (the last affected release is `v16.2.4`). The root of the repo holds the release-window analysis, and `poc/` holds one PoC bundle per advisory.

This collection was reverse-engineered with [Neo by ProjectDiscovery](https://neo.projectdiscovery.io). Public workspace: https://neo.projectdiscovery.io/share/d250e203-4313-4be3-b108-837c2f8ea693

All issues covered here are publicly disclosed and patched. The material is intended for defensive research, regression testing, and detection work.

## Repository layout

- `SUMMARY.md` - commit-diff analysis for `v16.2.4..v16.2.5`, including the security-relevant commits that led to this collection.
- `poc/README.md` - the full advisory matrix, severity breakdown, hosting-model notes, and the detailed methodology behind the PoCs.
- `poc/<advisory>/` - one directory per GHSA/CVE, usually containing:
  - `README.md` - issue write-up and exploit chain
  - `vulnerable-code.md` - relevant pre-patch source excerpts
  - `patch.diff` - upstream fix or the closest public patch material
  - `exploit.py` and `exploit.sh` - runnable exploit primitives
  - `expected-output.txt` - reference behavior
  - `vulnerable-app/` - a minimal Next.js app or stub service used for reproduction

## Coverage

This repo covers 12 advisories fixed in the `v16.2.4..v16.2.5` release window:

| Directory | Advisory | Severity | Focus |
|---|---|---|---|
| [`poc/CVE-2026-23870_GHSA-8h8q-6873-q5fj/`](./poc/CVE-2026-23870_GHSA-8h8q-6873-q5fj/) | CVE-2026-23870 / GHSA-8h8q-6873-q5fj | High | React server-action stream DoS |
| [`poc/CVE-2026-44575_GHSA-267c-6grr-h53f/`](./poc/CVE-2026-44575_GHSA-267c-6grr-h53f/) | CVE-2026-44575 / GHSA-267c-6grr-h53f | High | App Router prefetch middleware bypass |
| [`poc/CVE-2026-44579_GHSA-mg66-mrh9-m8jx/`](./poc/CVE-2026-44579_GHSA-mg66-mrh9-m8jx/) | CVE-2026-44579 / GHSA-mg66-mrh9-m8jx | High | `next-resume` connection exhaustion |
| [`poc/CVE-2026-44574_GHSA-492v-c6pp-mqqv/`](./poc/CVE-2026-44574_GHSA-492v-c6pp-mqqv/) | CVE-2026-44574 / GHSA-492v-c6pp-mqqv | High | Dynamic-route and middleware mismatch |
| [`poc/CVE-2026-44578_GHSA-c4j6-fc7j-m34r/`](./poc/CVE-2026-44578_GHSA-c4j6-fc7j-m34r/) | CVE-2026-44578 / GHSA-c4j6-fc7j-m34r | High | WebSocket upgrade SSRF, self-hosted only |
| [`poc/CVE-2026-44573_GHSA-36qx-fr4f-26g5/`](./poc/CVE-2026-44573_GHSA-36qx-fr4f-26g5/) | CVE-2026-44573 / GHSA-36qx-fr4f-26g5 | High | Pages Router i18n data-route bypass |
| [`poc/CVE-2026-44581_GHSA-ffhc-5mcf-pf4q/`](./poc/CVE-2026-44581_GHSA-ffhc-5mcf-pf4q/) | CVE-2026-44581 / GHSA-ffhc-5mcf-pf4q | Moderate | CSP nonce parsing edge case |
| [`poc/CVE-2026-44580_GHSA-gx5p-jg67-6x7h/`](./poc/CVE-2026-44580_GHSA-gx5p-jg67-6x7h/) | CVE-2026-44580 / GHSA-gx5p-jg67-6x7h | Moderate | `next/script` `beforeInteractive` XSS |
| [`poc/CVE-2026-44577_GHSA-h64f-5h5j-jqjh/`](./poc/CVE-2026-44577_GHSA-h64f-5h5j-jqjh/) | CVE-2026-44577 / GHSA-h64f-5h5j-jqjh | Moderate | Image optimizer decompression bomb, self-hosted only |
| [`poc/CVE-2026-44576_GHSA-wfc6-r584-vfw7/`](./poc/CVE-2026-44576_GHSA-wfc6-r584-vfw7/) | CVE-2026-44576 / GHSA-wfc6-r584-vfw7 | Moderate | RSC and HTML cache confusion |
| [`poc/CVE-2026-44582_GHSA-vfv6-92ff-j949/`](./poc/CVE-2026-44582_GHSA-vfv6-92ff-j949/) | CVE-2026-44582 / GHSA-vfv6-92ff-j949 | Low | Weak `_rsc` cache-busting hash |
| [`poc/CVE-2026-44572_GHSA-3g8h-86w9-wvmq/`](./poc/CVE-2026-44572_GHSA-3g8h-86w9-wvmq/) | CVE-2026-44572 / GHSA-3g8h-86w9-wvmq | Low | `x-nextjs-data` redirect cache poisoning |

The detailed severity, CVSS, CWE mapping, and hosting applicability live in [`poc/README.md`](./poc/README.md). Two of the advisories (the WebSocket upgrade SSRF and the image optimizer decompression bomb) are marked self-hosted only, so whether they apply at all depends on how the target is deployed.

## Getting started

1. Read [`SUMMARY.md`](./SUMMARY.md) for the release-window analysis.
2. Read [`poc/README.md`](./poc/README.md) for the full advisory table and attack-surface overview.
3. Pick a PoC directory and start with its local `README.md`.
4. Run the matching exploit against a vulnerable target.

Run a single PoC:

```bash
TARGET=http://localhost:3000 ./poc/CVE-2026-44574_GHSA-492v-c6pp-mqqv/exploit.sh
```

Run the whole collection:

```bash
TARGET=http://localhost:3000 ./poc/run-all.sh
```

Most exploits assume a vulnerable Next.js `v16.2.4` target. Some directories instead ship a small stub service in `vulnerable-app/` when reproducing the bug against a full Next.js install would add too much setup overhead. Each directory's `expected-output.txt` gives the reference behavior to compare a run against.

## Safety

- Test only against systems you own or are explicitly authorized to assess.
- Several of the PoCs are resource-exhaustion attacks (the server-action stream DoS, the `next-resume` connection exhaustion, and the image optimizer decompression bomb); run those only against a disposable local instance, since a successful run is expected to degrade or hang the target.
- Upgrade targets to `next@>=16.2.5` to pick up the upstream fixes.
- If your work turns up a new variant, report it privately through the Next.js security process instead of disclosing it in public.

## Summary

The project collects reverse-engineered verification material for the security vulnerabilities patched in the Next.js `v16.2.4..v16.2.5` release window. For each CVE it provides a detailed description of the issue, the pre- and post-patch code differences, runnable exploit scripts with their expected output, and a minimal application for reproducing the problem. The analysis was done with the Neo by ProjectDiscovery tool and is accompanied by full documentation. It is intended for security researchers and developers doing defensive research, regression testing, or detection work.
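The README's intended use is regression testing: after upgrading to `next@>=16.2.5`, re-run the collection and confirm nothing reproduces. The harness below is an added example, not code from the repository (the repo's own `run-all.sh` is not shown on this page and this is not a reconstruction of it). It assumes only what the layout section states: each `poc/<advisory>/` directory holds an `exploit.py` or `exploit.sh` that reads `TARGET` from the environment, plus an `expected-output.txt` with the reference behavior; the harness treats stdout matching that file as "still reproduces". It refuses non-loopback targets unless explicitly allowed, and records a timeout as a result rather than crashing, because the DoS-class PoCs can legitimately hang a vulnerable target. The `build_fixture` stubs, their output strings and the `stub-*` directory names are constructed for the demonstration and stand in for the real PoC directories.

```python
"""Added regression harness for a PoC collection laid out like next-16.2.4-pocs.
Not part of the repository; assumes exploit.py/exploit.sh read TARGET from the
environment and print the text held in expected-output.txt when the target is
vulnerable."""
from __future__ import annotations

import os
import subprocess
import sys
import tempfile
from pathlib import Path
from urllib.parse import urlparse

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def target_is_local(target: str) -> bool:
    """Guard matching the README's Safety section: loopback targets only by default."""
    return (urlparse(target).hostname or "") in LOCAL_HOSTS


def run_poc(poc_dir: Path, target: str, timeout: float = 60.0) -> dict:
    """Run one PoC directory's exploit and compare its stdout with the reference.
    reproduced=True means the target answered like the vulnerable baseline."""
    result = {"name": poc_dir.name, "status": "ok", "reproduced": None}
    py, sh = poc_dir / "exploit.py", poc_dir / "exploit.sh"
    if py.is_file():
        cmd = [sys.executable, str(py)]
    elif sh.is_file():
        cmd = ["sh", str(sh)]
    else:
        return {**result, "status": "skipped"}       # nothing runnable in this directory
    reference = poc_dir / "expected-output.txt"
    if not reference.is_file():
        return {**result, "status": "no-reference"}  # output cannot be judged
    try:
        proc = subprocess.run(cmd, cwd=poc_dir, env={**os.environ, "TARGET": target},
                              capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # DoS-class PoCs may hang a vulnerable target; report it instead of crashing.
        return {**result, "status": "timeout"}
    result["reproduced"] = proc.stdout.strip() == reference.read_text().strip()
    return result


def run_collection(repo_root: Path, target: str, allow_remote: bool = False) -> list[dict]:
    """Run every poc/<advisory>/ directory; files such as poc/README.md are skipped."""
    if not allow_remote and not target_is_local(target):
        raise PermissionError(f"refusing non-local target {target!r}; pass allow_remote=True "
                              "only for systems you are authorized to test")
    poc_root = repo_root / "poc"
    return [run_poc(d, target) for d in sorted(poc_root.iterdir()) if d.is_dir()]


def summarize(results: list[dict]) -> dict:
    """Bucket results; a non-empty 'reproduced' list means the target is still exposed."""
    buckets = {"reproduced": [], "not_reproduced": [], "other": []}
    for r in results:
        if r["status"] != "ok":
            buckets["other"].append(r["name"])
        else:
            buckets["reproduced" if r["reproduced"] else "not_reproduced"].append(r["name"])
    return buckets


def build_fixture() -> Path:
    """Constructed stand-in for the repo layout (NOT the real PoCs): stub exploits with
    fixed output so the harness can be exercised offline. 'stub-still-vulnerable' prints
    the reference text, 'stub-patched' prints something else, 'stub-no-exploit' is empty."""
    root = Path(tempfile.mkdtemp(prefix="poc-fixture-"))
    reference = "[+] reproduced: 200 for protected route without a session\n"
    stubs = {
        "stub-still-vulnerable": reference,
        "stub-patched": "[-] not reproduced: 307 redirect to /login\n",
    }
    for name, output in stubs.items():
        d = root / "poc" / name
        d.mkdir(parents=True)
        # The stub insists TARGET is set, as a real exploit.py would, then prints its line.
        (d / "exploit.py").write_text(
            f"import os\nassert os.environ['TARGET']\nprint({output!r}, end='')\n")
        (d / "expected-output.txt").write_text(reference)
    (root / "poc" / "stub-no-exploit").mkdir()
    (root / "poc" / "README.md").write_text("fixture placeholder\n")
    return root


def demo(target: str = "http://localhost:3000") -> dict:
    """Run the constructed fixture against a loopback target and return the summary."""
    return summarize(run_collection(build_fixture(), target))


def refuses_remote(target: str) -> bool:
    """True when the safety guard blocks the given target without allow_remote=True."""
    try:
        run_collection(build_fixture(), target)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    print(demo())
```

Running `demo()` against the fixture yields one entry per bucket: the stub that still prints the reference text lands in `reproduced`, the stub with divergent output in `not_reproduced`, and the directory without an exploit in `other`. Against a real checkout, point `run_collection(Path("."), "http://localhost:3000")` at a `v16.2.5` instance and treat any name in `reproduced` as a regression to investigate.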