Homepage

next@14.2.31 vulnerabilities

The React Framework

  • latest version

    15.5.3

  • latest non vulnerable version

    15.5.3

  • first published

    14 years ago

  • latest version published

    8 hours ago

  • licenses detected

  • View next package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Server-side Request Forgery (SSRF)

    next is a react framework.

    Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the resolve-routes. An attacker can access internal resources and potentially exfiltrate sensitive information by crafting requests containing user-controlled headers (e.g., Location) that are forwarded or interpreted without validation.

    Note: This is only exploitable if custom middleware logic is implemented in a self-hosted deployment. The project maintainers recommend using the documented NextResponse.next({request}) to explicitly pass the request object.

    How to fix Server-side Request Forgery (SSRF)?

    Upgrade next to version 14.2.32, 15.4.2-canary.43, 15.4.7 or higher.

    <14.2.32>=15.0.0 <15.4.2-canary.43>=15.4.3 <15.4.7
    Go back to all versions of this package