security-tools/package/README-scanner.md
pdmarf 7585a12b6d Restructure repo into package/ and standalone/ directories
Moves automated scan scripts and setup.sh into package/.
bind-ssh-tailscale.sh remains in standalone/ as a manual-run tool.
Updates README.md setup instructions to reflect new paths.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-19 14:25:11 +01:00

Next.js RCE Vulnerability Scanner

Quick scanner for CVE-2025-66478 / CVE-2025-55182 (CVSS 10.0)

Usage

# The script is fetched over plain HTTP from an internal host:
# read it before running it as root
curl -o check-nextjs-rce.sh http://100.120.125.113:3000/pdm/security-tools/raw/branch/master/check-nextjs-rce.sh
chmod +x check-nextjs-rce.sh
sudo ./check-nextjs-rce.sh

What it checks

  • Scans all package.json files on the system
  • Checks Docker containers for Next.js
  • Identifies vulnerable versions (15.0-15.5.6, 16.0-16.0.6)
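
An added example (not the repository's check-nextjs-rce.sh) of the version check described above, using the ranges this README lists. It reads the resolved version from node_modules/next/package.json rather than the declared range, and assumes that file is pretty-printed with one key per line; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not the repository's check-nextjs-rce.sh.
# Ranges are the ones this README lists: 15.0-15.5.6 and 16.0-16.0.6.

# next_is_vulnerable X.Y.Z: 0 = vulnerable, 1 = not in range, 2 = not parseable
next_is_vulnerable() {
    case $1 in *.*.*) ;; *) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    for part in "$major" "$minor" "$patch"; do
        # pre-release tags such as 15.5.7-canary.1 land here and stay UNKNOWN
        case $part in ''|*[!0-9]*) return 2 ;; esac
    done
    if [ "$major" -eq 15 ]; then
        if [ "$minor" -lt 5 ]; then return 0; fi
        if [ "$minor" -eq 5 ] && [ "$patch" -le 6 ]; then return 0; fi
    elif [ "$major" -eq 16 ] && [ "$minor" -eq 0 ] && [ "$patch" -le 6 ]; then
        return 0
    fi
    return 1
}

# installed_next_version FILE: print the first "version" field of a package.json
# (assumption: one key per line, as in a pretty-printed package.json)
installed_next_version() {
    sed -n 's/^[[:space:]]*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# scan_installed_next DIR: one result line per installed copy of next under DIR
scan_installed_next() {
    find "$1" -type f -path '*/node_modules/next/package.json' 2>/dev/null |
    while IFS= read -r f; do
        ver=$(installed_next_version "$f")
        rc=0; next_is_vulnerable "$ver" || rc=$?
        case $rc in
            0) echo "VULNERABLE $ver $f" ;;
            1) echo "ok $ver $f" ;;
            *) echo "UNKNOWN $ver $f" ;;
        esac
    done
}

# Scan the directory given as the first argument, if any
if [ $# -gt 0 ]; then scan_installed_next "$1"; fi
```

Lines marked UNKNOWN need a manual look, since the README's ranges do not say how pre-release builds are affected.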

Patched Versions

  • Next.js 15.5.7+
  • Next.js 16.0.7+

How to Update Next.js

For npm projects:

# Update to latest patched version
npm install next@latest

# Or specify exact version
npm install next@15.5.7

For yarn projects:

# Update to latest patched version
yarn upgrade next@latest

# Or specify exact version
yarn upgrade next@15.5.7

For Docker containers:

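# 1. Update package.json in your project
#    (matches 15.0.x-15.5.6 and 16.0.0-16.0.6, with or without a ^ or ~ prefix)
sed -i -E \
  -e 's/"next": *"[~^]?15\.([0-4]\.[0-9]+|5\.[0-6])"/"next": "15.5.7"/g' \
  -e 's/"next": *"[~^]?16\.0\.[0-6]"/"next": "16.0.7"/g' package.json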

# 2. Rebuild Docker image
docker compose build

# 3. Restart container
docker compose down
docker compose up -d

# 4. Verify version
docker compose exec <container-name> npm list next

Verify the update:

# Check installed version
npm list next
# or
yarn list next

# Verify no vulnerabilities remain
npm audit
# or
yarn audit