Skip to content

VULN UPGRADE: next (minor → 14.2.35) [website]#75

Closed
campaigner-prod[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/website/0-1767841635
Closed

VULN UPGRADE: next (minor → 14.2.35) [website]#75
campaigner-prod[bot] wants to merge 1 commit into
masterfrom
engraver-auto-version-upgrade/minorpatch/npm/website/0-1767841635

Conversation

@campaigner-prod
Copy link
Copy Markdown

@campaigner-prod campaigner-prod Bot commented Jan 8, 2026

Summary: Critical-severity security update — 1 package upgraded (MINOR changes included)

Manifests changed:

  • website (npm)

Updates

Package From To Type Vulnerabilities Fixed
next 14.0.4 14.2.35 minor 1 CRITICAL, 5 HIGH, 5 MODERATE, 2 LOW

Security Details

🚨 Critical & High Severity (6 fixed)
Package CVE Severity Summary Unsafe Version Fixed In
next GHSA-f82v-jwr5-mffw CRITICAL Authorization Bypass in Next.js Middleware 14.0.4 13.5.9
next GHSA-5j59-xgg2-r9c4 HIGH Next has a Denial of Service with Server Components - Incomplete Fix Follow-Up 14.0.4 14.2.35
next GHSA-gp8f-8m3g-qvj9 HIGH Next.js Cache Poisoning 14.0.4 13.5.7
next GHSA-7gfc-8cq8-jh5f HIGH Next.js authorization bypass vulnerability 14.0.4 14.2.15
next GHSA-fr5h-rqp8-mj6g HIGH Next.js Server-Side Request Forgery in Server Actions 14.0.4 14.1.1
next GHSA-mwv6-3258-q52c HIGH Next Vulnerable to Denial of Service with Server Components 14.0.4 14.2.34
ℹ️ Other Vulnerabilities (7)
Package CVE Severity Summary Unsafe Version Fixed In
next GHSA-xv57-4mr9-wg8v MODERATE Next.js Content Injection Vulnerability for Image Optimization 14.0.4 14.2.31
next GHSA-g77x-44xx-532m MODERATE Denial of Service condition in Next.js image optimization 14.0.4 14.2.7
next GHSA-g5qg-72qw-gw5v MODERATE Next.js Affected by Cache Key Confusion for Image Optimization API Routes 14.0.4 14.2.31
next GHSA-4342-x723-ch2f MODERATE Next.js Improper Middleware Redirect Handling Leads to SSRF 14.0.4 14.2.32
next GHSA-7m27-7ghc-44w9 MODERATE Next.js Allows a Denial of Service (DoS) with Server Actions 14.0.4 13.5.8
next GHSA-qpjv-v59x-3qc4 LOW Next.js Race Condition to Cache Poisoning 14.0.4 14.2.24
next GHSA-3h52-269p-cp9r LOW Information exposure in Next.js dev server due to lack of origin verification 14.0.4 15.2.2

Review Checklist

Enhanced review recommended for this update:

  • Review changes for compatibility with your code
  • Check release notes for breaking changes
  • Run integration tests to verify service behavior
  • Test in staging environment before production
  • Monitor key metrics after deployment

Update Mode: Vulnerability Remediation (Critical/High)

🤖 Generated by DataDog Automated Dependency Management System

@campaigner-prod campaigner-prod Bot closed this Feb 8, 2026
@campaigner-prod campaigner-prod Bot deleted the engraver-auto-version-upgrade/minorpatch/npm/website/0-1767841635 branch February 8, 2026 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

adms-critical-severity adms-dependency-update adms-high-severity adms-low-severity adms-medium-severity adms-minor-update adms-mode-critical-high-vulns adms-npm campaigner-automated-change

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants