GHSA-77r5-gw3j-2mpf

Source
https://github.com/advisories/GHSA-77r5-gw3j-2mpf
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-77r5-gw3j-2mpf/GHSA-77r5-gw3j-2mpf.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-77r5-gw3j-2mpf
Aliases
  • CVE-2024-34350
Published
2024-05-09T21:07:00Z
Modified
2024-07-09T18:28:18Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
Summary
Next.js Vulnerable to HTTP Request Smuggling
Details

Impact

Inconsistent interpretation of a crafted HTTP request meant that Next.js treated the request both as a single request and as two separate requests, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions.

For a request to be exploitable, the affected route also had to use the rewrites feature in Next.js.

Patches

The vulnerability is resolved in Next.js 13.5.1 and newer. This includes Next.js 14.x.

Workarounds

There are no official workarounds for this vulnerability. We recommend that you upgrade to a safe version.

References

https://portswigger.net/web-security/request-smuggling/advanced/response-queue-poisoning

Database specific
{
    "nvd_published_at": "2024-05-14T15:38:41Z",
    "cwe_ids": [
        "CWE-444"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-05-09T21:07:00Z"
}
Affected packages

npm / next

Affected ranges
  • Type: SEMVER
  • Introduced: 13.4.0
  • Fixed: 13.5.1