CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46982 – Cache Poisoning in next.js
https://notcve.org/view.php?id=CVE-2024-46982
Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. • https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3 https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39693 – Next.js Denial of Service (DoS) condition
https://notcve.org/view.php?id=CVE-2024-39693
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later. Next.js es un framework de React. Se identificó una condición de denegación de servicio (DoS) en Next.js. • https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-34351 – Next.js Server-Side Request Forgery in Server Actions
https://notcve.org/view.php?id=CVE-2024-34351
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`. • https://github.com/Voorivex/CVE-2024-34351 https://github.com/God4n/nextjs-CVE-2024-34351-_exploit https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085 https://github.com/vercel/next.js/pull/62561 https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34350 – Next.js Vulnerable to HTTP Request Smuggling
https://notcve.org/view.php?id=CVE-2024-34350
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer. • https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24828 – Local Privilege Escalation in execuatables bundled by pkg
https://notcve.org/view.php?id=CVE-2024-24828
pkg is tool design to bundle Node.js projects into an executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. • https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54 https://nodejs.org/api/single-executable-applications.html • CWE-276: Incorrect Default Permissions •