CVE-2024-34350
Published: 2024-05-14
Priority: P3 (45) · Severity: high · CVSS 3.1 base score: 7.5
CVSS 3.1 vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS: 1.02% (59.1st percentile)
Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that Next.js treated the request as both a single request and as two separate requests, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| next | next | >= 13.4.0 < 13.5.1 | 13.5.1 |
| vercel | next.js | — | — |
| vercel | next.js | >= 13.4.0 < 13.5.1 | 13.5.1 |
GHSA
Next.js Vulnerable to HTTP Request Smuggling
ghsa·2024-05-09
CVE-2024-34350 [HIGH] CWE-444 Next.js Vulnerable to HTTP Request Smuggling
### Impact
Inconsistent interpretation of a crafted HTTP request meant that Next.js treated the request as both a single request and as two separate requests, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions.
For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js.
### Patches
The vulnerability is resolved in Next.js `13.5.1` and newer. This includes Next.js `14.x`.
### Workarounds
There are no official workarounds for this vulnerability. We recommend that you upgrade to a safe version.
### References
https://portswigger.net/web-security/requ
OSV
Next.js Vulnerable to HTTP Request Smuggling
osv·2024-05-09
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.