Description

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer.

INFO

Published Date :

2024-05-09T16:07:44.499Z

Last Modified :

2024-08-02T02:51:11.331Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34350 vulnerability.

Vendors Products
Vercel
  • Next.js
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34350.

URL Resource
https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact