Moltivie/the-t3-stack
Find, fix and prevent vulnerabilities in your code.
critical severity
- Vulnerable module: sharp
- Introduced through: sharp@0.31.3
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › sharp@0.31.3Remediation: Upgrade to sharp@0.32.6.
Overview
sharp is a High performance Node.js image processing, the fastest module to resize JPEG, PNG, WebP, GIF, AVIF and TIFF images
Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes() function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes() function to allocate the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.
Notes:
This is only exploitable if the color_cache_bits value defines which size to use.
This vulnerability was also published on libwebp CVE-2023-5129
Changelog:
2023-09-12: Initial advisory publication
2023-09-27: Advisory details updated, including CVSS, references
2023-09-27: CVE-2023-5129 rejected as a duplicate of CVE-2023-4863
2023-09-28: Research and addition of additional affected libraries
2024-01-28: Additional fix information
Remediation
Upgrade sharp to version 0.32.6 or higher.
References
critical severity
new
- Vulnerable module: next
- Introduced through: next@13.0.0
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › next@13.0.0Remediation: Upgrade to next@13.5.9.
Overview
next is a react framework.
Affected versions of this package are vulnerable to Improper Authorization due to the improper handling of the x-middleware-subrequest header. An attacker can bypass authorization checks by sending crafted requests containing this specific header.
Workaround
This can be mitigated by preventing external user requests which contain the x-middleware-subrequest header from reaching your Next.js application.
Remediation
Upgrade next to version 12.3.5, 13.5.9, 14.2.25, 15.2.3, 15.3.0-canary.12 or higher.
References
high severity
- Vulnerable module: next
- Introduced through: next@13.0.0
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › next@13.0.0Remediation: Upgrade to next@13.5.8.
Overview
next is a react framework.
Affected versions of this package are vulnerable to Missing Authorization when using pathname-based checks in middleware for authorization decisions. If i18n configuration is not configured, an attacker can get unintended access to pages one level under the application's root directory.
e.g. https://example.com/foo is accessible. https://example.com/ and https://example.com/foo/bar are not.
Note:
Only self-hosted applications are vulnerable. The vulnerability has been fixed by Vercel on the server side.
Remediation
Upgrade next to version 13.5.8, 14.2.15, 15.0.0-canary.177 or higher.
References
high severity
- Vulnerable module: next
- Introduced through: next@13.0.0
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › next@13.0.0Remediation: Upgrade to next@14.2.7.
Overview
next is a react framework.
Affected versions of this package are vulnerable to Uncontrolled Recursion through the image optimization feature. An attacker can cause excessive CPU consumption by exploiting this vulnerability.
Workaround
Ensure that the next.config.js file has either images.unoptimized, images.loader or images.loaderFile assigned.
Remediation
Upgrade next to version 14.2.7, 15.0.0-canary.109 or higher.
References
medium severity
- Vulnerable module: next
- Introduced through: next@13.0.0
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › next@13.0.0Remediation: Upgrade to next@13.5.8.
Overview
next is a react framework.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling through the Server Actions process. An attacker can cause the server to hang by constructing requests that leave Server-Actions requests pending until the hosting provider terminates the function execution.
Note:
This is only exploitable if there are no protections against long-running Server Action invocations.
Remediation
Upgrade next to version 13.5.8, 14.2.21, 15.1.2 or higher.
References
medium severity
- Vulnerable module: next
- Introduced through: next@13.0.0
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › next@13.0.0Remediation: Upgrade to next@13.5.0.
Overview
next is a react framework.
Affected versions of this package are vulnerable to Resource Exhaustion via the cache-control header. An attacker can cause a denial of service to all users requesting the same URL via a CDN by caching empty prefetch responses.
Remediation
Upgrade next to version 13.4.20-canary.13 or higher.
References
medium severity
- Vulnerable module: postcss
- Introduced through: next@13.0.0
Detailed paths
-
Introduced through: crud-t3-app@Moltivie/the-t3-stack#d6160ed82e5d1107d22cb9443873640d30da1921 › next@13.0.0 › postcss@8.4.14Remediation: Upgrade to next@13.5.4.
Overview
postcss is a PostCSS is a tool for transforming styles with JS plugins.
Affected versions of this package are vulnerable to Improper Input Validation when parsing external Cascading Style Sheets (CSS) with linters using PostCSS. An attacker can cause discrepancies by injecting malicious CSS rules, such as @font-face{ font:(\r/*);}.
This vulnerability is because of an insecure regular expression usage in the RE_BAD_BRACKET variable.
Remediation
Upgrade postcss to version 8.4.31 or higher.