CHANGE (RetireJS) @W-15819273@: Updating RetireJS vulns for v3.25.0 release.

stephen-carter-at-sf · stephen-carter-at-sf · commit 30f580b90638 · 2024-05-28T10:55:16.000-04:00
diff --git a/retire-js/RetireJsVulns.json b/retire-js/RetireJsVulns.json
@@ -1193,8 +1193,7 @@
           "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
           "githubID": "GHSA-27gm-ghr9-4v95",
           "CVE": [
-            "CVE-2020-17480",
-            "CVE-2020-23066"
+            "CVE-2020-17480"
           ]
         },
         "info": [
@@ -1264,8 +1263,7 @@
           "summary": "The vulnerability allowed arbitrary JavaScript execution when inserting a specially crafted piece of content into the editor via the clipboard or APIs",
           "githubID": "GHSA-27gm-ghr9-4v95",
           "CVE": [
-            "CVE-2020-17480",
-            "CVE-2020-23066"
+            "CVE-2020-17480"
           ]
         },
         "info": [
@@ -6333,6 +6331,52 @@
         "info": [
           "https://github.com/advisories/GHSA-c59h-r6p8-q9wc"
         ]
+      },
+      {
+        "atOrAbove": "13.4.0",
+        "below": "13.5.1",
+        "cwe": [
+          "CWE-444"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js Vulnerable to HTTP Request Smuggling",
+          "CVE": [
+            "CVE-2024-34350"
+          ],
+          "githubID": "GHSA-77r5-gw3j-2mpf"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-77r5-gw3j-2mpf",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-77r5-gw3j-2mpf",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-34350",
+          "https://github.com/vercel/next.js/commit/44eba020c615f0d9efe431f84ada67b81576f3f5",
+          "https://github.com/vercel/next.js",
+          "https://github.com/vercel/next.js/compare/v13.5.0...v13.5.1"
+        ]
+      },
+      {
+        "atOrAbove": "13.4.0",
+        "below": "14.1.1",
+        "cwe": [
+          "CWE-918"
+        ],
+        "severity": "high",
+        "identifiers": {
+          "summary": "Next.js Server-Side Request Forgery in Server Actions",
+          "CVE": [
+            "CVE-2024-34351"
+          ],
+          "githubID": "GHSA-fr5h-rqp8-mj6g"
+        },
+        "info": [
+          "https://github.com/advisories/GHSA-fr5h-rqp8-mj6g",
+          "https://github.com/vercel/next.js/security/advisories/GHSA-fr5h-rqp8-mj6g",
+          "https://nvd.nist.gov/vuln/detail/CVE-2024-34351",
+          "https://github.com/vercel/next.js/pull/62561",
+          "https://github.com/vercel/next.js/commit/8f7a6ca7d21a97bc9f7a1bbe10427b5ad74b9085",
+          "https://github.com/vercel/next.js"
+        ]
       }
     ],
     "extractors": {
