CVE-2024-37162

CVSS 3.1 Score 4.0 of 10 (medium)

Details

Published Jun 7, 2024

CWE ID 209

Summary

CVE-2024-37162 affects the zsa library used in Next.js for building typesafe server actions. In production mode, this library transfers parse error stacks from the server to the client, potentially exposing sensitive information like machine usernames and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to server environments, using the exposed information for further attacks or infrastructure reconnaissance. This issue has been resolved with the release of version `0.3.3`.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/wQqHTW
https://www.cve.org/CVERecord?id=CVE-2024-37162
https://nvd.nist.gov/vuln/detail/CVE-2024-37162

Back to Vulnerability Database

CVE-2024-37162

CVSS 3.1 Score 4.0 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations