🎯 Problem to be solved
The inclusion of JavaScript code from Next.js v13.3.0, which has a known high-severity vulnerability (CVE-2023-46298), in error page responses poses a potential security risk and could lead to a Denial of Service (DoS) attack. This is specifically due to the https://obol.tech/blocked page. Need to fix the https://github.com/ObolNetwork/obol-site/pull/103 PR and merge.
To fix, this PR obol-ui update is needed but the navbar component will not work as router.events were removed in newer Next.js versions. So the root cause is fixing this.
Pen testing report: https://docs.google.com/spreadsheets/d/1OUYfc41qVqvMiVpysQ0suyAYmMrA2XkfIz2ky9WHXKg/edit#gid=0
🛠️ Proposed solution