CVE-2024-37818 - v4 - 3 months old

Hey Folks,

Regarding CVE-2024-37818 (CVE Website) this CVE is public since 2024-06-20 (3 months ago).
Will there be a fix soon?
Or will this be delayed until v5 is released? :expressionless:

:wave: Anyone else interested in this issue?

This is now tagged as “disputed” - any updates? CVE Website

It literally has nothing to do with us, it’s referencing next.js which we do not use

Thanks for clarification.

That disputed status is one that we submitted to MITRE, CVEs always require a bit of caution, anyone can submit a CVE without any validation so you have to be mindful and take them with some degree of salt.

Just because a CVE exists doesn’t always mean it’s valid or even concerning. It’s certainly not the first time we have been the target of weird CVEs (as a member of our security team, I’ve seen it all I swear :laughing: )