Lucene search

GitHub_MCVELIST:CVE-2024-34350

HistoryMay 09, 2024 - 4:07 p.m.

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

2024-05-0916:07:44

CWE-444

GitHub_M

www.cve.org

cve-2024

next.js

vulnerable

http request smuggling

desynchronized responses

rewrites feature

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the rewrites feature in Next.js. The vulnerability is resolved in Next.js 13.5.1 and newer.

CNA Affected

[
  {
    "vendor": "vercel",
    "product": "next.js",
    "versions": [
      {
        "version": ">= 13.4.0, < 13.5.1",
        "status": "affected"
      }
    ]
  }
]

References

github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2024-34350