High severityNVD Advisory· Published Jul 10, 2024· Updated Nov 5, 2024

Next.js Denial of Service (DoS) condition

CVE-2024-39693

Description

Next.js is a React framework. A Denial of Service (DoS) condition was identified in Next.js. Exploitation of the bug can trigger a crash, affecting the availability of the server. his vulnerability was resolved in Next.js 13.5 and later.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
nextnpm	>= 13.3.1, < 13.5.0	13.5.0

Affected products

Vercel/Next.jsv5
Range: >= 13.3.1, < 13.5.0

Patches

ffafad2c35a3

https://github.com/vercel/next.jsvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-fq54-2j52-jc42ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-39693ghsaADVISORY
github.com/vercel/next.js/security/advisories/GHSA-fq54-2j52-jc42ghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000