GHSA-fq54-2j52-jc42
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fq54-2j52-jc42
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-fq54-2j52-jc42/GHSA-fq54-2j52-jc42.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fq54-2j52-jc42
- Aliases
-
- CVE-2024-39693
- Published
- 2024-07-10T16:03:06Z
- Modified
- 2024-11-06T14:30:33Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Next.js Denial of Service (DoS) condition
- Details
-
Impact
A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server.
This vulnerability can affect all Next.js deployments on the affected versions.
Patches
This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version.
Workarounds
There are no official workarounds for this vulnerability.
Credit
- Thai Vu of flyseccorp.com
- Aonan Guan (@0dd), Senior Cloud Security Engineer
- Database specific
{ "nvd_published_at": "2024-07-10T20:15:04Z", "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-07-10T16:03:06Z" }- References
Affected packages
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next