{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39693", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-27T18:44:13.036Z", "datePublished": "2024-07-10T19:54:10.773Z", "dateUpdated": "2024-11-05T14:40:42.493Z"}, "containers": {"cna": {"title": "Next.js Denial of Service (DoS) condition", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42"}], "affected": [{"vendor": "vercel", "product": "next.js", "versions": [{"version": ">= 13.3.1, < 13.5.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-05T14:40:42.493Z"}, "descriptions": [{"lang": "en", "value": "Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later."}], "source": {"advisory": "GHSA-fq54-2j52-jc42", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "vercel", "product": "next.js", "cpes": ["cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.4.0", "status": "affected", "lessThan": "13.5.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-11T14:15:26.573358Z", "id": "CVE-2024-39693", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T18:07:28.029Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.970Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42", "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42", "tags": ["x_refsource_CONFIRM", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.970Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39693", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-11T14:15:26.573358Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*"], "vendor": "vercel", "product": "next.js", "versions": [{"status": "affected", "version": "13.4.0", "lessThan": "13.5.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-11T14:51:57.369Z"}}], "cna": {"title": "Next.js Denial of Service (DoS) condition", "source": {"advisory": "GHSA-fq54-2j52-jc42", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "vercel", "product": "next.js", "versions": [{"status": "affected", "version": ">= 13.3.1, < 13.5.0"}]}], "references": [{"url": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42", "name": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-05T14:40:42.493Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39693", "state": "PUBLISHED", "dateUpdated": "2024-11-05T14:40:42.493Z", "dateReserved": "2024-06-27T18:44:13.036Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-07-10T19:54:10.773Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "11B00529-A36C-417F-86AF-534965D056B4", "versionEndExcluding": "13.5.0", "versionStartIncluding": "13.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later."}, {"lang": "es", "value": "Next.js es un framework de React. Se identific\u00f3 una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en Next.js. La explotaci\u00f3n del error puede provocar una falla que afecte la disponibilidad del servidor. su vulnerabilidad se resolvi\u00f3 en Next.js 13.5 y versiones posteriores."}], "id": "CVE-2024-39693", "lastModified": "2025-09-10T15:44:17.000", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-07-10T20:15:04.543", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}