15.3.4
13 years ago
12 days ago
Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for freeVulnerability | Vulnerable Version |
---|---|
next is a react framework. Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets when running next dev and the project uses the App Router. An attacker can access the source code of client components by exploiting the Cross-site WebSocket hijacking (CSWSH) attack when a user visits a malicious link while having the server running locally. How to fix Missing Origin Validation in WebSockets? Upgrade | >=13.0.0 <15.2.2 |
next is a react framework. Affected versions of this package are vulnerable to Race Condition in the Notes:
How to fix Race Condition? Upgrade | <14.2.24>=15.0.0 <15.1.6 |
next is a react framework. Affected versions of this package are vulnerable to Improper Authorization due to the improper handling of the How to fix Improper Authorization? Upgrade | >=11.1.4 <12.3.5>=13.0.0 <13.5.9>=14.0.0 <14.2.25>=15.0.0-rc.0 <15.2.3>=15.3.0-canary.0 <15.3.0-canary.12 |
next is a react framework. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Server Actions process. An attacker can cause the server to hang by constructing requests that leave Server-Actions requests pending until the hosting provider terminates the function execution. Note: This is only exploitable if there are no protections against long-running Server Action invocations. How to fix Allocation of Resources Without Limits or Throttling? Upgrade | >=13.0.0 <13.5.8>=14.0.0 <14.2.21>=15.0.0 <15.1.2 |
next is a react framework. Affected versions of this package are vulnerable to Missing Authorization when using pathname-based checks in middleware for authorization decisions. If i18n configuration is not configured, an attacker can get unintended access to pages one level under the application's root directory. e.g. Note: Only self-hosted applications are vulnerable. The vulnerability has been fixed by Vercel on the server side. How to fix Missing Authorization? Upgrade | >=9.5.5 <13.5.8>=14.0.0 <14.2.15>=15.0.0-canary.0 <15.0.0-canary.177 |
next is a react framework. Affected versions of this package are vulnerable to Uncontrolled Recursion through the image optimization feature. An attacker can cause excessive CPU consumption by exploiting this vulnerability. How to fix Uncontrolled Recursion? Upgrade | >=10.0.0 <14.2.7>=15.0.0-canary.0 <15.0.0-canary.109 |
next is a react framework. Affected versions of this package are vulnerable to Resource Exhaustion via the How to fix Resource Exhaustion? Upgrade | <13.4.20-canary.13 |