Denial of Service Condition in Next.js Framework
CVE-2024-39693

7.5HIGH

Key Information:

Vendor: Vercel
Status: Next.js
Vendor: CVE Published:; 10 July 2024

Summary

A critical Denial of Service (DoS) vulnerability has been identified in Next.js, a widely-used React framework. This bug can lead to a server crash, severely affecting the availability and performance of applications built using this framework. The vulnerability was addressed in Next.js version 13.5 and later. Users are strongly advised to update to the latest version to mitigate the risks associated with this vulnerability. For further details, please refer to the advisory on the Vercel GitHub page.

Affected Version(s)

next.js >= 13.3.1, < 13.5.0

References

https://github.com/vercel/next.js/security/advisories/GHS...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 10, 2024
Vulnerability Reserved
Jun 27, 2024