1 results (0.003 seconds)
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2024-56332 – Next.js Vulnerable to Denial of Service (DoS) with Server Actions
https://notcve.org/view.php?id=CVE-2024-56332
03 Jan 2025 — Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle ... • https://github.com/vercel/next.js/security/advisories/GHSA-7m27-7ghc-44w9 • CWE-770: Allocation of Resources Without Limits or Throttling •