Skip to content

[GHSA-c4j6-fc7j-m34r] Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades#7719

Closed
Drbambi7 wants to merge 2 commits into
Drbambi7/advisory-improvement-7719from
Drbambi7-GHSA-c4j6-fc7j-m34r
Closed

[GHSA-c4j6-fc7j-m34r] Next.js vulnerable to server-side request forgery in applications using WebSocket upgrades#7719
Drbambi7 wants to merge 2 commits into
Drbambi7/advisory-improvement-7719from
Drbambi7-GHSA-c4j6-fc7j-m34r

Conversation

@Drbambi7

Copy link
Copy Markdown

Updates

  • CVSS v3
  • Severity

Comments
שפר הכי שניתן

@github

github commented May 16, 2026

Copy link
Copy Markdown
Collaborator

Hi there @timneutkens! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

Copilot AI review requested due to automatic review settings May 16, 2026 17:21
@github-actions github-actions Bot changed the base branch from main to Drbambi7/advisory-improvement-7719 May 16, 2026 17:22

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the CVSS v3 vector and severity rating for the Next.js SSRF advisory (GHSA-c4j6-fc7j-m34r), lowering it from HIGH to MODERATE.

Changes:

  • Updated CVSS v3 vector to reflect higher attack complexity, required privileges, and user interaction.
  • Lowered severity from HIGH to MODERATE.
  • Bumped the modified timestamp.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github

github commented May 16, 2026

Copy link
Copy Markdown
Collaborator

Hi there @timneutkens! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

@github-actions

Copy link
Copy Markdown

👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.

@github-actions github-actions Bot added the Stale label Jun 21, 2026
@helixplant helixplant added the invalid This doesn't seem right label Jun 22, 2026
@helixplant helixplant closed this Jun 22, 2026
@github-actions github-actions Bot deleted the Drbambi7-GHSA-c4j6-fc7j-m34r branch June 22, 2026 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

invalid This doesn't seem right Stale

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants