Security context
High· 7.5GHSA-fq54-2j52-jc42 CVE-2024-39693CWE-400Published Jul 10, 2024

Next.js Denial of Service (DoS) condition

Research this vulnerability

Research is free — Hunters explains how the bug works, the root-cause code pattern, how the fix addresses it, and how to test whether a target is affected, in chat. Investigate & write exploit is a paid run — the engine reads the advisory and fix commits, then builds and validates a working proof-of-concept exploit with reproduction steps.

Affected versions

13.3.1 → fixed in 13.5.0

Details

### Impact A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. **This vulnerability can affect all Next.js deployments on the affected versions.** ### Patches This vulnerability was resolved in Next.js 13.5 and later. We recommend that users upgrade to a safe version. ### Workarounds There are no official workarounds for this vulnerability. #### Credit * Thai Vu of [flyseccorp.com](http://flyseccorp.com/) * Aonan Guan (@0dd), Senior Cloud Security Engineer

The fix

No fix commit could be resolved for this advisory (it may reference an issue tracker or a non-GitHub patch). See the references below.

References