CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-47831 – Next.js image optimization has Denial of Service condition
https://notcve.org/view.php?id=CVE-2024-47831
Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. • https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m • CWE-674: Uncontrolled Recursion •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39693 – Next.js Denial of Service (DoS) condition
https://notcve.org/view.php?id=CVE-2024-39693
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later. Next.js es un framework de React. Se identificó una condición de denegación de servicio (DoS) en Next.js. • https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2024-34351 – Next.js Server-Side Request Forgery in Server Actions
https://notcve.org/view.php?id=CVE-2024-34351
Next.js is a React framework that can provide building blocks to create web applications. A Server-Side Request Forgery (SSRF) vulnerability was identified in Next.js Server Actions. If the `Host` header is modified, and the below conditions are also met, an attacker may be able to make requests that appear to be originating from the Next.js application server itself. The required conditions are 1) Next.js is running in a self-hosted manner; 2) the Next.js application makes use of Server Actions; and 3) the Server Action performs a redirect to a relative path which starts with a `/`. This vulnerability was fixed in Next.js `14.1.1`. • https://github.com/Voorivex/CVE-2024-34351 https://github.com/God4n/nextjs-CVE-2024-34351-_exploit https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085 https://github.com/vercel/next.js/pull/62561 https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34350 – Next.js Vulnerable to HTTP Request Smuggling
https://notcve.org/view.php?id=CVE-2024-34350
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer. • https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1CVE-2023-46298
https://notcve.org/view.php?id=CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Next.js anterior a 13.4.20-canary.13 carece de un encabezado de control de caché y, por lo tanto, a veces una CDN puede almacenar en caché respuestas de captación previa vacías, lo que provoca una denegación de servicio a todos los usuarios que solicitan la misma URL a través de esa CDN. • https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 https://github.com/vercel/next.js/issues/45301 https://github.com/vercel/next.js/pull/54732 •