Update to latest version of nextjs

[dsotirho-ucsc]

From ZAP scan 2025-04-01
Severity: Medium

The identified library nextjs, version 14.2.15 is vulnerable.

Recommended Solution

Upgrade to the latest version of the affected library.

Other Info

• CVE-2024-56332
• https://nvd.nist.gov/vuln/detail/CVE-2024-56332
• GHSA-7m27-7ghc-44w9
• GHSA-7m27-7ghc-44w9

Evidence

https://data.humancellatlas.org/_next/static/chunks/main-a8d1d7f367b9d912.js

="14.2.15",z=(0,v.default)(),V=e=>[].slice.call(e),X=!1;class Y extends y.default.Component
{componentDidCatch(e,t){this.props.fn(e,t)}componentDidMount

[nolunwa-ucsc]

According to Dave’s update, they are planning on upgrading to 14.2.15, which addresses the vulnerability.

[NoopDog]

The package is updated in the release https://github.com/DataBiosphere/data-portal/releases/tag/v2.4.4 which is deployed to production. This is ready to retest.

[dsotirho-ucsc]

Verified issue as fixed. This is not a finding from the latest ZAP scan.