next@14.2.7 vulnerabilities
The React Framework
-
latest version
15.0.3
-
latest non vulnerable version
-
first published
13 years ago
-
latest version published
18 days ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
next is a react framework. Affected versions of this package are vulnerable to Acceptance of Extraneous Untrusted Data With Trusted Data by sending a crafted HTTP request, which allows the attacker to poison the cache of a non-dynamic server-side rendered route in the page router. This will coerce the request to cache a route that is meant to not be cached and send a Note: This is only vulnerable if:
Users are not affected if:
How to fix Acceptance of Extraneous Untrusted Data With Trusted Data? Upgrade |
>=13.5.1 <13.5.7
>=14.0.0 <14.2.10
|