medium severity
new
- Vulnerable module: next
- Introduced through: next@16.1.6
Detailed paths
- Introduced through: dashboard@lowsky/gh-dashboard-relay#ffa5a8e0f13bf2df4a953d02e8638e5936413f92 › next@16.1.6
Remediation: Upgrade to next@16.1.7.
Overview
next is a React framework.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the lack of an upper bound on the disk cache used by the image optimization. An attacker can exhaust disk storage by generating a large number of unique image optimization variants, leading to service disruption.
Workaround
This vulnerability can be mitigated by periodically cleaning the .next/cache/images directory or by reducing the number of possible image variants through configuration of images.localPatterns, images.remotePatterns, and images.qualities.
Remediation
Upgrade next to version 16.1.7, 16.2.0-canary.54 or higher.
medium severity
new
- Vulnerable module: next
- Introduced through: next@16.1.6
Detailed paths
- Introduced through: dashboard@lowsky/gh-dashboard-relay#ffa5a8e0f13bf2df4a953d02e8638e5936413f92 › next@16.1.6
Remediation: Upgrade to next@16.1.7.
Overview
next is a React framework.
Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the unbounded postponed resume-body buffering behavior of the next-resume: 1 header. An attacker can cause excessive memory usage and disrupt service availability by sending oversized POST payloads with the next-resume header, which are buffered without consistent size enforcement in certain non-minimal deployments. This is only exploitable if the App Router with Partial Prerendering capability is enabled (via experimental.ppr or cacheComponents) and the deployment is not in minimal mode.
Remediation
Upgrade next to version 16.1.7, 16.2.0-canary.51 or higher.
medium severity
new
- Vulnerable module: next
- Introduced through: next@16.1.6
Detailed paths
- Introduced through: dashboard@lowsky/gh-dashboard-relay#ffa5a8e0f13bf2df4a953d02e8638e5936413f92 › next@16.1.6
Remediation: Upgrade to next@16.1.7.
Overview
next is a React framework.
Affected versions of this package are vulnerable to HTTP Request Smuggling during the rewrite of the proxy traffic to an external backend. An attacker can access unintended backend routes by sending crafted DELETE or OPTIONS requests with Transfer-Encoding: chunked headers. This is only exploitable if the application is not hosted on providers that handle rewrites at the CDN level.
Workaround
This vulnerability can be mitigated by blocking chunked DELETE/OPTIONS requests on rewritten routes at the edge/proxy, or by enforcing authentication and authorization on backend routes.
Remediation
Upgrade next to version 15.5.13, 16.1.7, 16.2.0-canary.102 or higher.
medium severity
new
- Vulnerable module: next
- Introduced through: next@16.1.6
Detailed paths
- Introduced through: dashboard@lowsky/gh-dashboard-relay#ffa5a8e0f13bf2df4a953d02e8638e5936413f92 › next@16.1.6
Remediation: Upgrade to next@16.1.7.
Overview
next is a React framework.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the uncaught origin: null in the Server Action CSRF validation. An attacker can perform unauthorized state-changing actions on behalf of a user by inducing the user's browser to submit requests from a sandboxed context, bypassing origin verification.
Workaround
This vulnerability can be mitigated by adding CSRF tokens for sensitive Server Actions, preferring SameSite=Strict on sensitive authentication cookies, and ensuring that null is not allowed in serverActions.allowedOrigins unless intentionally required and additionally protected.
Remediation
Upgrade next to version 16.1.7, 16.2.0-canary.102 or higher.
low severity
new
- Vulnerable module: next
- Introduced through: next@16.1.6
Detailed paths
- Introduced through: dashboard@lowsky/gh-dashboard-relay#ffa5a8e0f13bf2df4a953d02e8638e5936413f92 › next@16.1.6
Remediation: Upgrade to next@16.1.7.
Overview
next is a React framework.
Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets in the internal dev endpoint when the Origin header is set to null. An attacker can interact with internal development websocket traffic by connecting from privacy-sensitive or opaque contexts, such as sandboxed documents, if the development server is accessible from attacker-controlled content.
Remediation
Upgrade next to version 16.1.7, 16.2.0-canary.102 or higher.