Lookup for vulnerable packages by Package URL.

Purl pkg:npm/next@14.2.35
Type npm
Namespace
Name next
Version 14.2.35
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 15.0.5
Latest_non_vulnerable_version 16.1.5
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-38m6-9vq5-a7a7
vulnerability_id VCID-38m6-9vq5-a7a7
summary
Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up
It was discovered that the fix for [CVE-2025-55184](https://github.com/advisories/GHSA-2m3v-v2m8-q956) in React Server Components was incomplete and did not fully mitigate denial-of-service conditions across all payload types. As a result, certain crafted inputs could still trigger excessive resource consumption.

This vulnerability affects React versions 19.0.2, 19.1.3, and 19.2.2, as well as frameworks that bundle or depend on these versions, including Next.js 13.x, 14.x, 15.x, and 16.x when using the App Router. The issue is tracked upstream as [CVE-2025-67779](https://www.cve.org/CVERecord?id=CVE-2025-67779).

A malicious actor can send a specially crafted HTTP request to a Server Function endpoint that, when deserialized, causes the React Server Components runtime to enter an infinite loop. This can lead to sustained CPU consumption and cause the affected server process to become unresponsive, resulting in a denial-of-service condition in unpatched environments.
references
0
reference_url https://github.com/vercel/next.js
reference_id
reference_type
scores
url https://github.com/vercel/next.js
1
reference_url https://nextjs.org/blog/security-update-2025-12-11
reference_id
reference_type
scores
url https://nextjs.org/blog/security-update-2025-12-11
2
reference_url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
reference_id
reference_type
scores
url https://react.dev/blog/2025/12/11/denial-of-service-and-source-code-exposure-in-react-server-components
3
reference_url https://www.cve.org/CVERecord?id=CVE-2025-55184
reference_id
reference_type
scores
url https://www.cve.org/CVERecord?id=CVE-2025-55184
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-67779
reference_id CVE-2025-67779
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2025-67779
5
reference_url https://www.facebook.com/security/advisories/cve-2025-67779
reference_id CVE-2025-67779
reference_type
scores
url https://www.facebook.com/security/advisories/cve-2025-67779
6
reference_url https://github.com/advisories/GHSA-5j59-xgg2-r9c4
reference_id GHSA-5j59-xgg2-r9c4
reference_type
scores
url https://github.com/advisories/GHSA-5j59-xgg2-r9c4
7
reference_url https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4
reference_id GHSA-5j59-xgg2-r9c4
reference_type
scores
url https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4
fixed_packages
0
url pkg:npm/next@14.2.35
purl pkg:npm/next@14.2.35
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.35
1
url pkg:npm/next@15.0.7
purl pkg:npm/next@15.0.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.0.7
2
url pkg:npm/next@15.1.11
purl pkg:npm/next@15.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.1.11
3
url pkg:npm/next@15.2.8
purl pkg:npm/next@15.2.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.2.8
4
url pkg:npm/next@15.3.8
purl pkg:npm/next@15.3.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.3.8
5
url pkg:npm/next@15.4.10
purl pkg:npm/next@15.4.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.4.10
6
url pkg:npm/next@15.5.9
purl pkg:npm/next@15.5.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.5.9
7
url pkg:npm/next@15.6.0-canary.60
purl pkg:npm/next@15.6.0-canary.60
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@15.6.0-canary.60
8
url pkg:npm/next@16.0.10
purl pkg:npm/next@16.0.10
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@16.0.10
9
url pkg:npm/next@16.1.0-canary.19
purl pkg:npm/next@16.1.0-canary.19
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@16.1.0-canary.19
aliases GHSA-5j59-xgg2-r9c4
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38m6-9vq5-a7a7
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/next@14.2.35