f362bd3721
Moves all automated scripts back to the repo root where setup.sh expects them. standalone/ remains for manual-run tools. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
72 lines
1.3 KiB
Markdown
72 lines
1.3 KiB
Markdown
# Next.js RCE Vulnerability Scanner
|
|
|
|
Quick scanner for CVE-2025-66478 / CVE-2025-55182 (CVSS 10.0)
|
|
|
|
## Usage
|
|
|
|
```bash
|
|
curl -o check-nextjs-rce.sh http://100.120.125.113:3000/pdm/security-tools/raw/branch/master/check-nextjs-rce.sh
|
|
chmod +x check-nextjs-rce.sh
|
|
sudo ./check-nextjs-rce.sh
|
|
```
|
|
|
|
## What it checks
|
|
|
|
- Scans all package.json files on the system
|
|
- Checks Docker containers for Next.js
|
|
- Identifies vulnerable versions (15.0-15.5.6, 16.0-16.0.6)
|
|
|
|
## Patched Versions
|
|
|
|
- Next.js 15.5.7+
|
|
- Next.js 16.0.7+
|
|
|
|
## How to Update Next.js
|
|
|
|
### For npm projects:
|
|
```bash
|
|
# Update to latest patched version
|
|
npm install next@latest
|
|
|
|
# Or specify exact version
|
|
npm install next@15.5.7
|
|
```
|
|
|
|
### For yarn projects:
|
|
```bash
|
|
# Update to latest patched version
|
|
yarn upgrade next@latest
|
|
|
|
# Or specify exact version
|
|
yarn upgrade next@15.5.7
|
|
```
|
|
|
|
### For Docker containers:
|
|
```bash
|
|
# 1. Update package.json in your project
|
|
sed -i 's/"next": "15\.[0-5]\.[0-6]"/"next": "15.5.7"/g' package.json
|
|
|
|
# 2. Rebuild Docker image
|
|
docker compose build
|
|
|
|
# 3. Restart container
|
|
docker compose down
|
|
docker compose up -d
|
|
|
|
# 4. Verify version
|
|
docker compose exec <container-name> npm list next
|
|
```
|
|
|
|
### Verify the update:
|
|
```bash
|
|
# Check installed version
|
|
npm list next
|
|
# or
|
|
yarn list next
|
|
|
|
# Verify no vulnerabilities remain
|
|
npm audit
|
|
# or
|
|
yarn audit
|
|
```
|