Skip to content

[Data Browser] Vulnerable JS Library (nextjs) #4587

Closed
Defect
Closed
[Data Browser] Vulnerable JS Library (nextjs)#4587
Defect
Assignees
bvizzier-ucsc
Labels
DAST[subject] Represents one or more findings from a DAST scan like Invicti or OWASP ZAPcompliance[subject] Information and software securityseverity:medium[subject] A SecurityHub severity of MEDIUM
@achave11-ucsc

Description

@achave11-ucsc
achave11-ucsc
opened on Nov 14, 2025

From ZAP scan 2025-11-06
Severity: Medium

The identified library nextjs, version 14.2.30 is vulnerable

Recommended solution

Upgrade to the latest version of the affected library.

Other Info

The identified library nextjs, version 14.2.30 is vulnerable. CVE-2025-57822 CVE-2025-
57752 CVE-2025-55173 https://vercel.com/changelog/cve-2025-57752 https://github.com
/vercel/next.js/pull/82114 https://github.com/vercel/next.js/security/advisories/GHSA-xv57-
4mr9-wg8v https://github.com/vercel/next.js/security/advisories/GHSA-g5qg-72qw-gw5v
https://vercel.com/changelog/cve-2025-57822 https://github.com/vercel/next.js/security
/advisories/GHSA-4342-x723-ch2f http://vercel.com/changelog/cve-2025-55173
https://github.com/vercel/next.js/commit/9c9aaed5bb9338ef31b0517ccf0ab4414f2093d8
https://github.com/vercel/next.js/commit/6b12c60c61ee80cb0443ccd20de82ca9b4422ddd
https://vercel.com/changelog/cve-2025-55173

Evidence

="14.2.30",X=(0,v.default)(),V=e=>[].slice.call(e),z=!1;class Y extends y.default.Component

{componentDidCatch(e,t){this.props.fn(e,t)}componentDidMount

Metadata

Metadata

Assignees

Labels

DAST[subject] Represents one or more findings from a DAST scan like Invicti or OWASP ZAPcompliance[subject] Information and software securityseverity:medium[subject] A SecurityHub severity of MEDIUM

Type

Defect

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions