CVE-2024-37162

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-37162
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37162.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-37162
Published
2024-06-07T15:15:50Z
Modified
2025-01-15T05:14:30.843522Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
[none]
Details

zsa is a library for building typesafe server actions in Next.js. All users are impacted. In production build mode, zsa transfers the parse error stack from the server to the client. This can reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information, which could be used to plan further attacks or to gain a deeper understanding of the server infrastructure. This has been patched in 0.3.3.

Affected packages

Git / github.com/idopesok/zsa

Affected ranges

Type
GIT
Repo
https://github.com/idopesok/zsa
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

server-actions-wrapper@0.*

server-actions-wrapper@0.0.2
server-actions-wrapper@0.1.0
server-actions-wrapper@0.1.1
server-actions-wrapper@0.1.2
server-actions-wrapper@0.1.3
server-actions-wrapper@0.1.4

zsa-openapi@0.*

zsa-openapi@0.0.1
zsa-openapi@0.0.10
zsa-openapi@0.0.2
zsa-openapi@0.0.3
zsa-openapi@0.0.4
zsa-openapi@0.0.5
zsa-openapi@0.0.6
zsa-openapi@0.0.7
zsa-openapi@0.0.8
zsa-openapi@0.0.9

zsa-react-query@0.*

zsa-react-query@0.0.1
zsa-react-query@0.1.0

zsa-react@0.*

zsa-react@0.0.0
zsa-react@0.0.1
zsa-react@0.1.0
zsa-react@0.1.1
zsa-react@0.1.2
zsa-react@0.1.3
zsa-react@0.1.4

zsa@0.*

zsa@0.0.1
zsa@0.1.1
zsa@0.2.0
zsa@0.2.1
zsa@0.2.2
zsa@0.2.3
zsa@0.3.0
zsa@0.3.1
zsa@0.3.2