Home > Vulnerability Database > CVE-2024-37162

Mend.io Vulnerability Database

CVE-2024-37162

Good to know:

Date: June 7, 2024

zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`.

Language: TYPE_SCRIPT

Severity Score

4.0

Related Resources (5)

Url: https://github.com/IdoPesok/zsa

Url: https://github.com/IdoPesok/zsa/commit/86b86b282bde6780963f62406cc8bc65f2c86f3a

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37162

Url: https://github.com/IdoPesok/zsa/security/advisories/GHSA-wjmj-h3xc-hxp8

Url: https://www.mend.io/vulnerability-database/CVE-2024-37162

Severity Score

4.0

Weakness Type (CWE)

Generation of Error Message Containing Sensitive Information

CWE-209

Top Fix

Upgrade Version

Upgrade to version zsa - 0.3.3

Learn More

CVSS v3.1

Base Score:	4.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37162

Good to know:

Date: June 7, 2024

Language: TYPE_SCRIPT

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?