Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-54a7-9e98-3bc4
Summary
Next.js has a Cache poisoning vulnerability due to omission of the Vary header
### Summary

A cache poisoning issue in **Next.js App Router >=15.3.0 and < 15.3.3** may have allowed RSC payloads to be cached and served in place of HTML, under specific conditions involving middleware and redirects. This issue has been fixed in **Next.js 15.3.3**.

Users on affected versions should **upgrade immediately** and **redeploy** to ensure proper caching behavior.

More details: [CVE-2025-49005](https://vercel.com/changelog/cve-2025-49005)
Aliases
0
alias CVE-2025-49005
1
alias GHSA-r2fc-ccr8-96c4
Fixed_packages
0
url pkg:npm/next@15.3.3
purl pkg:npm/next@15.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54qu-9bx2-9ka8
4
vulnerability VCID-5kj1-stm6-8qgv
5
vulnerability VCID-pqwe-3ukm-dkh4
6
vulnerability VCID-qz2s-22e2-ufg9
7
vulnerability VCID-r4pw-m8mz-xbdq
8
vulnerability VCID-sjdx-v2z6-3fcw
9
vulnerability VCID-w35n-bwuy-5kce
10
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.3
Affected_packages
0
url pkg:npm/next@15.3.0
purl pkg:npm/next@15.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.0
1
url pkg:npm/next@15.3.1-canary.0
purl pkg:npm/next@15.3.1-canary.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.0
2
url pkg:npm/next@15.3.1-canary.1
purl pkg:npm/next@15.3.1-canary.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.1
3
url pkg:npm/next@15.3.1-canary.2
purl pkg:npm/next@15.3.1-canary.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.2
4
url pkg:npm/next@15.3.1-canary.3
purl pkg:npm/next@15.3.1-canary.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.3
5
url pkg:npm/next@15.3.1-canary.4
purl pkg:npm/next@15.3.1-canary.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.4
6
url pkg:npm/next@15.3.1-canary.5
purl pkg:npm/next@15.3.1-canary.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.5
7
url pkg:npm/next@15.3.1-canary.6
purl pkg:npm/next@15.3.1-canary.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.6
8
url pkg:npm/next@15.3.1-canary.7
purl pkg:npm/next@15.3.1-canary.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.7
9
url pkg:npm/next@15.3.1-canary.8
purl pkg:npm/next@15.3.1-canary.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.8
10
url pkg:npm/next@15.3.1-canary.9
purl pkg:npm/next@15.3.1-canary.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.9
11
url pkg:npm/next@15.3.1-canary.10
purl pkg:npm/next@15.3.1-canary.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.10
12
url pkg:npm/next@15.3.1-canary.11
purl pkg:npm/next@15.3.1-canary.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.11
13
url pkg:npm/next@15.3.1-canary.12
purl pkg:npm/next@15.3.1-canary.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.12
14
url pkg:npm/next@15.3.1-canary.13
purl pkg:npm/next@15.3.1-canary.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.13
15
url pkg:npm/next@15.3.1-canary.14
purl pkg:npm/next@15.3.1-canary.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.14
16
url pkg:npm/next@15.3.1-canary.15
purl pkg:npm/next@15.3.1-canary.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1-canary.15
17
url pkg:npm/next@15.3.1
purl pkg:npm/next@15.3.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.1
18
url pkg:npm/next@15.3.2
purl pkg:npm/next@15.3.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1qzn-gxkv-wye3
1
vulnerability VCID-2tah-y5sg-hugp
2
vulnerability VCID-3m4d-v2y1-5ua4
3
vulnerability VCID-54a7-9e98-3bc4
4
vulnerability VCID-54qu-9bx2-9ka8
5
vulnerability VCID-5kj1-stm6-8qgv
6
vulnerability VCID-pqwe-3ukm-dkh4
7
vulnerability VCID-qz2s-22e2-ufg9
8
vulnerability VCID-r4pw-m8mz-xbdq
9
vulnerability VCID-sjdx-v2z6-3fcw
10
vulnerability VCID-w35n-bwuy-5kce
11
vulnerability VCID-xv6q-hbf8-b7b1
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.2
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49005.json
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-49005.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-49005
reference_id
reference_type
scores
0
value 0.00173
scoring_system epss
scoring_elements 0.38756
published_at 2026-04-18T12:55:00Z
1
value 0.00173
scoring_system epss
scoring_elements 0.38778
published_at 2026-04-16T12:55:00Z
2
value 0.00173
scoring_system epss
scoring_elements 0.38732
published_at 2026-04-13T12:55:00Z
3
value 0.00173
scoring_system epss
scoring_elements 0.38759
published_at 2026-04-12T12:55:00Z
4
value 0.00173
scoring_system epss
scoring_elements 0.38796
published_at 2026-04-11T12:55:00Z
5
value 0.00173
scoring_system epss
scoring_elements 0.38784
published_at 2026-04-09T12:55:00Z
6
value 0.00173
scoring_system epss
scoring_elements 0.38772
published_at 2026-04-08T12:55:00Z
7
value 0.00173
scoring_system epss
scoring_elements 0.38723
published_at 2026-04-07T12:55:00Z
8
value 0.00173
scoring_system epss
scoring_elements 0.38795
published_at 2026-04-04T12:55:00Z
9
value 0.00173
scoring_system epss
scoring_elements 0.38773
published_at 2026-04-02T12:55:00Z
10
value 0.00188
scoring_system epss
scoring_elements 0.4058
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-49005
2
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js
3
reference_url https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:34:09Z/
url https://github.com/vercel/next.js/commit/ec202eccf05820b60c6126d6411fe16766ecc066
4
reference_url https://github.com/vercel/next.js/issues/79346
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:34:09Z/
url https://github.com/vercel/next.js/issues/79346
5
reference_url https://github.com/vercel/next.js/pull/79939
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vercel/next.js/pull/79939
6
reference_url https://github.com/vercel/next.js/releases/tag/v15.3.3
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:34:09Z/
url https://github.com/vercel/next.js/releases/tag/v15.3.3
7
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system cvssv3.1_qr
scoring_elements
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:34:09Z/
url https://github.com/vercel/next.js/security/advisories/GHSA-r2fc-ccr8-96c4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-49005
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-49005
9
reference_url https://vercel.com/changelog/cve-2025-49005
reference_id
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-07-08T14:34:09Z/
url https://vercel.com/changelog/cve-2025-49005
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2376222
reference_id 2376222
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2376222
11
reference_url https://github.com/advisories/GHSA-r2fc-ccr8-96c4
reference_id GHSA-r2fc-ccr8-96c4
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-r2fc-ccr8-96c4
Weaknesses
0
cwe_id 444
name Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
description The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score0.1 - 3.7
Exploitability0.5
Weighted_severity3.3
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-54a7-9e98-3bc4