Опубликовано: 10 июл. 2024
Источник: github
Github: Прошло ревью
CVSS4: 8.7
CVSS3: 7.5
Описание
Next.js Denial of Service (DoS) condition
Impact
A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server.
This vulnerability can affect all Next.js deployments on the affected versions.
Patches
This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version.
Workarounds
There are no official workarounds for this vulnerability.
Credit
- Thai Vu of flyseccorp.com
- Aonan Guan (@0dd), Senior Cloud Security Engineer
Пакеты
Наименование
next
npm
Затронутые версииВерсия исправления
>= 13.3.1, < 13.5.0
13.5.0
Связанные уязвимости
CVSS3: 7.5
nvd
около 1 года назад
Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.