Next.Js · Next.Js · CVE-2024-34350
**Name of the Vulnerable Software and Affected Versions**
Next.js versions prior to 13.5.1
**Description**
The issue arises from an inconsistent interpretation of crafted HTTP requests, leading to desynchronized responses and a response queue poisoning vulnerability. This occurs when the affected route utilizes the `rewrites` feature in Next.js.
**Recommendations**
For versions prior to 13.5.1, upgrade to Next.js version 13.5.1 or newer, which includes Next.js 14.x, to resolve the vulnerability. As a temporary workaround, consider avoiding the use of the `rewrites` feature in Next.js until the issue is resolved.