GHSA-223j-4rm8-mrmf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-223j-4rm8-mrmf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-223j-4rm8-mrmf/GHSA-223j-4rm8-mrmf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-223j-4rm8-mrmf
- Aliases
-
- CVE-2025-30218
- Published
- 2025-04-02T22:35:37Z
- Modified
- 2025-04-03T13:24:25Z
- Severity
-
- 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
- Summary
- Next.js may leak x-middleware-subrequest-id to external hosts
- Details
-
Summary
In the process of remediating CVE-2025-29927, we looked at other possible exploits of Middleware. We independently verified this low severity vulnerability in parallel with two reports from independent researchers.
Learn more here.
Credit
Thank you to Jinseo Kim kjsman and RyotaK (GMO Flatt Security Inc.) with takumi-san.ai for the responsible disclosure. These researchers were awarded as part of our bug bounty program.
- Database specific
{ "nvd_published_at": "2025-04-02T22:15:19Z", "cwe_ids": [ "CWE-200" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2025-04-02T22:35:37Z" }- References
Affected packages
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next