GHSA-fq54-2j52-jc42

Source
https://github.com/advisories/GHSA-fq54-2j52-jc42
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-fq54-2j52-jc42/GHSA-fq54-2j52-jc42.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-fq54-2j52-jc42
Aliases
  • CVE-2024-39693
Published
2024-07-10T16:03:06Z
Modified
2024-11-06T14:30:33Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Summary
Next.js Denial of Service (DoS) condition
Details

Impact

A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server.

This vulnerability can affect all Next.js deployments on the affected versions.

Patches

This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version.

Workarounds

There are no official workarounds for this vulnerability.

Credit

  • Thai Vu of flyseccorp.com
  • Aonan Guan (@0dd), Senior Cloud Security Engineer
Database specific
{
    "nvd_published_at": "2024-07-10T20:15:04Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-10T16:03:06Z"
}
Affected packages

npm / next

Package

Affected ranges

  • Type: SEMVER
  • Introduced: 13.3.1
  • Fixed: 13.5.0