Homepage

next@15.5.8 vulnerabilities

The React Framework

  • latest version

    16.1.4

  • latest non vulnerable version

    16.1.4

  • first published

    14 years ago

  • latest version published

    16 hours ago

  • licenses detected

  • View next package health on Snyk Advisor  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the next package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Deserialization of Untrusted Data

    next is a react framework.

    Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to unsafe deserialization of payloads from HTTP requests to Server Function endpoints. An attacker can cause the server process to enter an infinite loop and hang, preventing it from serving future HTTP requests by sending specially crafted payloads.

    Note:

    This is caused by an incomplete fix for CVE-2025-55184.

    How to fix Deserialization of Untrusted Data?

    Upgrade next to version 14.2.35, 15.0.7, 15.1.11, 15.2.8, 15.3.8, 15.4.10, 15.5.9, 16.0.10, 16.1.0-canary.19 or higher.

    >=14.2.34 <14.2.35>=15.0.6 <15.0.7>=15.1.10 <15.1.11>=15.2.7 <15.2.8>=15.3.7 <15.3.8>=15.4.9 <15.4.10>=15.5.8 <15.5.9>=16.0.9 <16.0.10>=16.1.0-canary.0 <16.1.0-canary.19
    Go back to all versions of this package