Next.js resolves response queue poisoning vulnerability in affected versions
CVE-2024-34350
What is CVE-2024-34350?
Two new vulnerabilities have been discovered in certain Next.js versions: response queue poisoning and server-side request forgery (SSRF). The response queue poisoning vulnerability lets an attacker manipulate a front-end server into mapping the wrong back-end responses. The SSRF vulnerability occurs when the server is called by a redirect and takes the Host header from the client. Both vulnerabilities have been patched in Next.js versions 13.5.1 and 14.x to prevent exploitation. No known ransomware cases related to the vulnerabilities have been reported.

Affected Version(s)
next.js >= 13.4.0, < 13.5.1
Timeline
Vulnerability published
First article discovered by CybersecurityNews
Vulnerability Reserved