Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2024-34350

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 7.5
Products affected by CVE-2024-34350
  • Vercel » Next.js » Version: 13.4.0
    cpe:2.3:a:vercel:next.js:13.4.0
  • Vercel » Next.js » Version: 13.4.1
    cpe:2.3:a:vercel:next.js:13.4.1
  • Vercel » Next.js » Version: 13.4.10
    cpe:2.3:a:vercel:next.js:13.4.10
  • Vercel » Next.js » Version: 13.4.11
    cpe:2.3:a:vercel:next.js:13.4.11
  • Vercel » Next.js » Version: 13.4.12
    cpe:2.3:a:vercel:next.js:13.4.12
  • Vercel » Next.js » Version: 13.4.13
    cpe:2.3:a:vercel:next.js:13.4.13
  • Vercel » Next.js » Version: 13.4.14
    cpe:2.3:a:vercel:next.js:13.4.14
  • Vercel » Next.js » Version: 13.4.15
    cpe:2.3:a:vercel:next.js:13.4.15
  • Vercel » Next.js » Version: 13.4.16
    cpe:2.3:a:vercel:next.js:13.4.16
  • Vercel » Next.js » Version: 13.4.17
    cpe:2.3:a:vercel:next.js:13.4.17
  • Vercel » Next.js » Version: 13.4.18
    cpe:2.3:a:vercel:next.js:13.4.18
  • Vercel » Next.js » Version: 13.4.19
    cpe:2.3:a:vercel:next.js:13.4.19
  • Vercel » Next.js » Version: 13.4.2
    cpe:2.3:a:vercel:next.js:13.4.2
  • Vercel » Next.js » Version: 13.4.20
    cpe:2.3:a:vercel:next.js:13.4.20
  • Vercel » Next.js » Version: 13.4.3
    cpe:2.3:a:vercel:next.js:13.4.3
  • Vercel » Next.js » Version: 13.4.4
    cpe:2.3:a:vercel:next.js:13.4.4
  • Vercel » Next.js » Version: 13.4.5
    cpe:2.3:a:vercel:next.js:13.4.5
  • Vercel » Next.js » Version: 13.4.6
    cpe:2.3:a:vercel:next.js:13.4.6
  • Vercel » Next.js » Version: 13.4.7
    cpe:2.3:a:vercel:next.js:13.4.7
  • Vercel » Next.js » Version: 13.4.8
    cpe:2.3:a:vercel:next.js:13.4.8
  • Vercel » Next.js » Version: 13.4.9
    cpe:2.3:a:vercel:next.js:13.4.9
  • Vercel » Next.js » Version: 13.5.0
    cpe:2.3:a:vercel:next.js:13.5.0


Products
Pricing
Contact Us

Shodan ® - All rights reserved