CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2024-46982 – Cache Poisoning in next.js
https://notcve.org/view.php?id=CVE-2024-46982
Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent it could coerce Next.js to cache a route that is meant to not be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header which some upstream CDNs may cache as well. To be potentially affected all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. • https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3 https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39693 – Next.js Denial of Service (DoS) condition
https://notcve.org/view.php?id=CVE-2024-39693
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later. Next.js es un framework de React. Se identificó una condición de denegación de servicio (DoS) en Next.js. • https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-34351 – Next.js Server-Side Request Forgery in Server Actions
https://notcve.org/view.php?id=CVE-2024-34351
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`. • https://github.com/Voorivex/CVE-2024-34351 https://github.com/God4n/nextjs-CVE-2024-34351-_exploit https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085 https://github.com/vercel/next.js/pull/62561 https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34350 – Next.js Vulnerable to HTTP Request Smuggling
https://notcve.org/view.php?id=CVE-2024-34350
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer. • https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1CVE-2023-46298
https://notcve.org/view.php?id=CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Next.js anterior a 13.4.20-canary.13 carece de un encabezado de control de caché y, por lo tanto, a veces una CDN puede almacenar en caché respuestas de captación previa vacías, lo que provoca una denegación de servicio a todos los usuarios que solicitan la misma URL a través de esa CDN. • https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 https://github.com/vercel/next.js/issues/45301 https://github.com/vercel/next.js/pull/54732 •