CVE-2024-34350

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-34350
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-34350.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-34350
Aliases
Published
2024-05-09T16:07:44Z
Modified
2025-10-20T21:08:34.539568Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Next.js Vulnerable to HTTP Request Smuggling
Details

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests were treated as both a single request and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the rewrites feature in Next.js. The vulnerability is resolved in Next.js 13.5.1 and newer.

Database specific
{
    "cwe_ids": [
        "CWE-444"
    ]
}
References

Affected packages

Git / github.com/vercel/next.js

Affected ranges

Type
GIT
Repo
https://github.com/vercel/next.js
Events

Affected versions

v13.*

v13.4.0
v13.4.1
v13.4.1-canary.0
v13.4.1-canary.1
v13.4.1-canary.2
v13.4.10
v13.4.10-canary.0
v13.4.10-canary.1
v13.4.10-canary.2
v13.4.10-canary.3
v13.4.10-canary.4
v13.4.10-canary.5
v13.4.10-canary.6
v13.4.10-canary.7
v13.4.10-canary.8
v13.4.11
v13.4.11-canary.0
v13.4.11-canary.1
v13.4.11-canary.2
v13.4.12
v13.4.13
v13.4.13-canary.0
v13.4.13-canary.1
v13.4.13-canary.10
v13.4.13-canary.11
v13.4.13-canary.12
v13.4.13-canary.13
v13.4.13-canary.14
v13.4.13-canary.15
v13.4.13-canary.16
v13.4.13-canary.17
v13.4.13-canary.18
v13.4.13-canary.2
v13.4.13-canary.3
v13.4.13-canary.4
v13.4.13-canary.5
v13.4.13-canary.6
v13.4.13-canary.7
v13.4.13-canary.8
v13.4.13-canary.9
v13.4.14
v13.4.14-canary.0
v13.4.14-canary.1
v13.4.14-canary.2
v13.4.14-canary.3
v13.4.14-canary.4
v13.4.14-canary.5
v13.4.15
v13.4.15-canary.0
v13.4.16
v13.4.16-canary.0
v13.4.16-canary.1
v13.4.17
v13.4.17-canary.0
v13.4.17-canary.1
v13.4.17-canary.2
v13.4.18
v13.4.18-canary.0
v13.4.19
v13.4.19-canary.0
v13.4.2
v13.4.2-canary.0
v13.4.2-canary.1
v13.4.2-canary.2
v13.4.2-canary.3
v13.4.2-canary.4
v13.4.2-canary.5
v13.4.2-canary.6
v13.4.20-canary.0
v13.4.20-canary.1
v13.4.20-canary.10
v13.4.20-canary.11
v13.4.20-canary.12
v13.4.20-canary.13
v13.4.20-canary.14
v13.4.20-canary.15
v13.4.20-canary.16
v13.4.20-canary.17
v13.4.20-canary.18
v13.4.20-canary.19
v13.4.20-canary.2
v13.4.20-canary.20
v13.4.20-canary.21
v13.4.20-canary.22
v13.4.20-canary.23
v13.4.20-canary.24
v13.4.20-canary.25
v13.4.20-canary.26
v13.4.20-canary.27
v13.4.20-canary.28
v13.4.20-canary.29
v13.4.20-canary.3
v13.4.20-canary.31
v13.4.20-canary.32
v13.4.20-canary.33
v13.4.20-canary.34
v13.4.20-canary.35
v13.4.20-canary.36
v13.4.20-canary.37
v13.4.20-canary.38
v13.4.20-canary.39
v13.4.20-canary.4
v13.4.20-canary.40
v13.4.20-canary.41
v13.4.20-canary.5
v13.4.20-canary.6
v13.4.20-canary.7
v13.4.20-canary.8
v13.4.20-canary.9
v13.4.3
v13.4.3-canary.0
v13.4.3-canary.1
v13.4.3-canary.2
v13.4.3-canary.3
v13.4.4
v13.4.4-canary.0
v13.4.4-canary.1
v13.4.4-canary.10
v13.4.4-canary.11
v13.4.4-canary.12
v13.4.4-canary.13
v13.4.4-canary.2
v13.4.4-canary.3
v13.4.4-canary.4
v13.4.4-canary.5
v13.4.4-canary.6
v13.4.4-canary.7
v13.4.4-canary.8
v13.4.4-canary.9
v13.4.5
v13.4.5-canary.0
v13.4.5-canary.1
v13.4.5-canary.10
v13.4.5-canary.11
v13.4.5-canary.12
v13.4.5-canary.2
v13.4.5-canary.3
v13.4.5-canary.4
v13.4.5-canary.5
v13.4.5-canary.6
v13.4.5-canary.7
v13.4.5-canary.8
v13.4.5-canary.9
v13.4.6
v13.4.6-canary.0
v13.4.6-canary.1
v13.4.6-canary.2
v13.4.6-canary.3
v13.4.6-canary.4
v13.4.6-canary.5
v13.4.6-canary.6
v13.4.6-canary.7
v13.4.6-canary.8
v13.4.7
v13.4.7-canary.0
v13.4.7-canary.1
v13.4.7-canary.2
v13.4.7-canary.3
v13.4.7-canary.4
v13.4.8
v13.4.8-canary.0
v13.4.8-canary.1
v13.4.8-canary.10
v13.4.8-canary.11
v13.4.8-canary.12
v13.4.8-canary.13
v13.4.8-canary.14
v13.4.8-canary.15
v13.4.8-canary.2
v13.4.8-canary.3
v13.4.8-canary.4
v13.4.8-canary.5
v13.4.8-canary.6
v13.4.8-canary.7
v13.4.8-canary.8
v13.4.8-canary.9
v13.4.9
v13.4.9-canary.0
v13.4.9-canary.1
v13.4.9-canary.2
v13.4.9-canary.3
v13.5.0
v13.5.1-canary.0
v13.5.1-canary.1