CVE-2025-49826— Next.js 安全漏洞

Next.js DoS vulnerability via cache poisoning

Next.js is a React framework for building full-stack web applications. From versions 15.0.4-canary.51 to before 15.1.8, a cache poisoning bug leading to a Denial of Service (DoS) condition was found in Next.js. This issue does not impact customers hosted on Vercel. Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page. This issue has been addressed in version 15.1.8.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

HTTP请求的解释不一致性(HTTP请求私运)

Next.js 安全漏洞

Next.js是Vercel开源的一个 React 框架。 Next.js 15.0.4-canary.51至15.1.8之前版本存在安全漏洞，该漏洞源于缓存污染漏洞，可能导致拒绝服务。

N/A

N/A