CVE-2024-46982

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 17, 2024
Updated: Sep 20, 2024
CWE ID 639

Summary

CVE-2024-46982 is a vulnerability affecting Next.js versions 13.5.1 to 14.2.9, specifically when using the pages router with non-dynamic server-side rendered routes. By sending a specially crafted HTTP request, an attacker can manipulate the cache of these routes, potentially causing Next.js to cache content that should not be cached and allowing upstream CDNs to store this data. The vulnerability is rated high severity with a score of 7.5, reflecting a significant risk of service disruption for affected organizations due to the potential availability impact. There are no recommended workarounds; remediation is to upgrade to Next.js 13.5.7, 14.2.10, or later. Organizations are advised to apply these updates promptly.
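To find installed copies of Next.js that fall inside the range above, the following added example (not part of the advisory or of Next.js) audits the resolved versions in an npm package-lock.json. The function names and sample lockfile are constructed for illustration, and the code assumes 13.5.7 closes the 13.x line and 14.2.10 closes the 14.x line.

```javascript
// Added example (not from the advisory). Function names are hypothetical.
// Parse "14.2.9" into [major, minor, patch]; prereleases and junk return null.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Assumption: 13.5.7 fixes the 13.x line and 14.2.10 fixes 14.x, so the
// affected set is [13.5.1, 13.5.7) plus [14.0.0, 14.2.10).
function classifyNextVersion(version) {
  const v = parseVersion(version);
  if (!v) return "unknown"; // canary/prerelease or unparseable: review by hand
  if (cmp(v, [13, 5, 1]) < 0) return "not-affected";
  if (cmp(v, [13, 5, 7]) < 0) return "affected";
  if (v[0] === 13) return "fixed";
  return cmp(v, [14, 2, 10]) < 0 ? "affected" : "fixed";
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// report every installed copy of next, including nested and workspace copies.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/next" || path.endsWith("/node_modules/next")) {
      findings.push({ path, version: pkg.version, status: classifyNextVersion(pkg.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile, not taken from a real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "constructed-monorepo" },
    "node_modules/next": { version: "14.2.10" },
    "apps/legacy/node_modules/next": { version: "13.5.4" },
    "apps/docs/node_modules/next": { version: "14.1.0" },
    "apps/old/node_modules/next": { version: "13.4.19" },
    "node_modules/next-auth": { version: "4.24.7" },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) console.log(`${f.status}\t${f.version}\t${f.path}`);
```

A version in the affected range is a necessary condition only: per the summary, exposure also requires the pages router with non-dynamic server-side rendered routes.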
