Next.js 14.0.x < 14.2.10 Cache Poisoning

The version of Next.js installed on the remote host is 13.5.1 prior to 13.5.7 or 14.0.x prior to 14.2.10. It is, therefore, affected by a Cache Poisoning. Note that the scanner has not attempted to exploit this issue but has instead relied only on application's self-reported version number. No...

CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

CVE-2024-49771 MPXJ has a Potential Path Traversal Vulnerability

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...

CVE-2024-49771

CVE-2024-49771 affects the MPXJ library (used to read/write project plans). The issue is a path traversal vulnerability in the ZIP stream handling (InputStreamHelper/Packwood MPXJ code) that could allow writing files to arbitrary locations. It is addressed in MPXJ version 13.5.1. No exploitation ...

CVE-2024-49771 MPXJ has a Potential Path Traversal Vulnerability

MPXJ is an open source library to read and write project plans from a variety of file formats and databases. The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by t...

MPXJ has a Potential Path Traversal Vulnerability

Impact The patch for the historical vulnerability CVE-2020-35460 in MPXJ is incomplete as there is still a possibility that a malicious path could be constructed which would not be picked up by the original fix and allow files to be written to arbitrary locations. Patches The issue is addressed i...

Next.js 安全漏洞

Next.js is a React framework open-sourced by Vercel. A security vulnerability exists in Next.js versions 13.5.1 through 14.2.10 and earlier. An attacker exploits the vulnerability to poison the caches of non-dynamic server-side rendering routes in the page router by sending specially crafted HTTP...

CVE-2024-34350 Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses...

PT-2021-18117 · Forgerock · Forgerock Openam

Name of the Vulnerable Software and Affected Versions: ForgeRock OpenAM versions prior to 13.5.1 Description: The issue allows LDAP injection via the Webfinger protocol. An unauthenticated attacker can perform character-by-character retrieval of password hashes, or retrieve a session token or a...

ZendStudio IDE Elevation of Privilege Vulnerability

Zend Studio is the leading PHP IDE. It is the only PHP IDE that combines mobile development with PHP and includes a sample mobile application source code. A local elevation of privilege vulnerability has been reported in Zend 13.5.1. A local attacker may be able to exploit this vulnerability to...