Next.js Security Update Advisory (CVE-2024-46982)
Overview
An update has been released to address vulnerabilities in Next.js. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-46982
- Next.js versions: ~ 13.5.1 (inclusive)
- Next.js versions: ~ 14.2.10 (exclusive)
Resolved Vulnerabilities
A cache poisoning vulnerability in which a crafted HTTP request can cause malformed cache control headers to be sent, polluting the cache of a non-dynamic server-side rendered route in the Next.js pages router (CVE-2024-46982)
Vulnerability Patches
The following patched versions have been made available with the latest update. If you are using an affected version, please follow the instructions on the referenced sites to update to the patched version.
CVE-2024-46982
- Next.js version: 13.5.7
- Next.js version: 14.2.10
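A version check built from the bounds and fix versions listed above, as an added example that is not part of the original advisory or the Next.js project. It reads the affected range as 13.5.1 <= version < 14.2.10, with 13.5.7 and later 13.x releases treated as patched (an assumption); the function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: bounds and fix versions are taken from this advisory.
const LOWER = [13, 5, 1];    // first affected version (inclusive)
const UPPER = [14, 2, 10];   // fixed 14.x release (exclusive upper bound)
const FIXED_13 = [13, 5, 7]; // fixed release on the 13.x line

// Parse "x.y.z" into [x, y, z]; any pre-release or build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// Return a negative, zero or positive number, like a sort comparator.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Classify one installed version; `fix` is the minimum version to move to.
function checkNextVersion(version) {
  const v = parseVersion(version);
  if (!v) return { version, affected: null, fix: null }; // unparseable: review by hand
  const inRange = cmp(v, LOWER) >= 0 && cmp(v, UPPER) < 0;
  const patched13 = v[0] === 13 && cmp(v, FIXED_13) >= 0;
  const affected = inRange && !patched13;
  const fix = affected ? (v[0] === 13 ? "13.5.7" : "14.2.10") : null;
  return { version, affected, fix };
}

// Walk the "packages" map of a parsed package-lock.json (lockfileVersion 2 or 3)
// and report every installed copy of next, including nested ones.
function auditLockfile(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === "node_modules/next" || path.endsWith("/node_modules/next"))
    .map(([path, pkg]) => ({ path, ...checkNextVersion(pkg.version) }));
}

// Constructed sample lockfile, not taken from a real project.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/next": { version: "14.1.4" },
    "node_modules/legacy-widget/node_modules/next": { version: "13.5.7" },
    "node_modules/react": { version: "18.2.0" },
  },
};

console.log(auditLockfile(sampleLock));
```

To audit a real project, pass the result of JSON.parse on its package-lock.json to auditLockfile.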
References
[1] CVE-2024-46982 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-46982
[2] next.js/Cache Poisoning
https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9
[3] next.js/Commit
https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3
https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda