Vulnerability Information
Vulnerability Title
Next.js may leak x-middleware-subrequest-id to external hosts
Vulnerability Description
Next.js is a React framework for building full-stack web applications. To mitigate CVE-2025-29927, Next.js validated the x-middleware-subrequest-id, which persisted across multiple incoming requests. However, this subrequest ID is sent with all outgoing requests, even if the destination is not the same host as the Next.js application. Initiating a fetch request to a third party within Middleware will send the x-middleware-subrequest-id to that third party. This vulnerability is fixed in 12.3.6, 13.5.10, 14.2.26, and 15.2.4.
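The same-origin rule the description implies, as an added example that is not Next.js source code: the internal header is kept only for destinations on the application's own origin, and a second function flags recorded outgoing requests that carried it elsewhere. The function names, the `app.example` origin and the sample requests are constructed assumptions.

```javascript
// Illustrative only, not the Next.js patch. All names here are hypothetical.
const INTERNAL_HEADER = 'x-middleware-subrequest-id';

// Return a copy of `headers` that is safe to send to `destination`.
// The internal header survives only when the destination has the same
// origin (scheme + host + port) as the application.
function headersForDestination(destination, appOrigin, headers) {
  const out = new Headers(headers); // Headers matches names case-insensitively
  let sameOrigin = false;
  try {
    // Relative URLs resolve against the app origin and therefore stay internal.
    sameOrigin =
      new URL(destination, appOrigin).origin === new URL(appOrigin).origin;
  } catch {
    sameOrigin = false; // unparsable URL: fail closed and strip the header
  }
  if (!sameOrigin) out.delete(INTERNAL_HEADER);
  return out;
}

// Detection side: given recorded outgoing requests (for example from an
// egress proxy log), list the URLs that received the internal header
// although they are not on the application's origin.
function findLeaks(requests, appOrigin) {
  return requests
    .filter(({ url, headers }) => {
      const sent = new Headers(headers);
      return (
        sent.has(INTERNAL_HEADER) &&
        !headersForDestination(url, appOrigin, sent).has(INTERNAL_HEADER)
      );
    })
    .map((r) => r.url);
}

// Constructed sample data, not taken from any real log.
const APP_ORIGIN = 'https://app.example';
const SAMPLE_REQUESTS = [
  { url: 'https://app.example/api/session',
    headers: { 'x-middleware-subrequest-id': 'constructed-id' } },
  { url: 'https://third-party.example/v1/geo',
    headers: { 'X-Middleware-Subrequest-Id': 'constructed-id' } },
  { url: 'https://app.example:8443/internal',
    headers: { 'x-middleware-subrequest-id': 'constructed-id' } },
  { url: 'https://cdn.example/asset.js', headers: { accept: '*/*' } },
];

console.log(findLeaks(SAMPLE_REQUESTS, APP_ORIGIN));
```

A different port counts as a different origin here, so the `:8443` request is reported alongside the third-party one.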
CVSS Information
N/A
Vulnerability Type
Information Exposure
Vulnerability Title
Next.js Information Disclosure Vulnerability
Vulnerability Description
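Next.js is an open-source React framework from Vercel. Next.js has an information disclosure vulnerability that stems from insufficient validation of x-middleware-subrequest-id and may lead to information disclosure. The following versions are affected: versions before 12.3.6, versions before 13.5.10, versions before 14.2.26, and versions before 15.2.4.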
CVSS Information
N/A
Vulnerability Type
N/A