security
rlly-ritesh
FREEOP

3 months ago

2025-12-17T19:01:18.040760436Z [inf] 2025-12-17T19:01:21.307464330Z [inf] [Region: europe-west4] 2025-12-17T19:01:21.359337627Z [err] ============================================================================== 2025-12-17T19:01:21.359365004Z [err] SECURITY VULNERABILITIES DETECTED 2025-12-17T19:01:21.359372324Z [err] ============================================================================== 2025-12-17T19:01:21.359375771Z [err] 2025-12-17T19:01:21.359380656Z [err] Railway cannot proceed with deployment due to security vulnerabilities in your 2025-12-17T19:01:21.359386395Z [err] project's dependencies. 2025-12-17T19:01:21.359389561Z [err] 2025-12-17T19:01:21.359393036Z [err] Found 2 vulnerable package(s): 2025-12-17T19:01:21.359396414Z [err] 2025-12-17T19:01:21.359399660Z [err] next@15.1.2 2025-12-17T19:01:21.359402781Z [err] Source: pnpm-lock.yaml 2025-12-17T19:01:21.359405776Z [err] Severity: CRITICAL 2025-12-17T19:01:21.359412106Z [err] Upgrade to 15.1.11: pnpm add next@^15.1.11 2025-12-17T19:01:21.359415207Z [err] 2025-12-17T19:01:21.359418156Z [err] Vulnerabilities: 2025-12-17T19:01:21.359421113Z [err] CVE-2025-55183 (MEDIUM): https://github.com/vercel/next.js/security/advisories/GHSA-w37m-7fhw-fmv9 2025-12-17T19:01:21.359424164Z [err] CVE-2025-55184 (HIGH): https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c 2025-12-17T19:01:21.359443372Z [err] CVE-2025-66478 (CRITICAL): https://github.com/vercel/next.js/security/advisories/GHSA-9qr9-h5gf-34mp 2025-12-17T19:01:21.359449678Z [err] CVE-2025-67779 (HIGH): https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4 2025-12-17T19:01:21.359452826Z [err] 2025-12-17T19:01:21.359456205Z [err] next@14.2.23 2025-12-17T19:01:21.359459661Z [err] Source: pnpm-lock.yaml 2025-12-17T19:01:21.359462615Z [err] Severity: HIGH 2025-12-17T19:01:21.359465886Z [err] Upgrade to 14.2.35: pnpm add next@^14.2.35 2025-12-17T19:01:21.359472292Z [err] 2025-12-17T19:01:21.359475224Z [err] Vulnerabilities: 2025-12-17T19:01:21.359478853Z [err] CVE-2025-55184 (HIGH): https://github.com/vercel/next.js/security/advisories/GHSA-mwv6-3258-q52c 2025-12-17T19:01:21.359482054Z [err] CVE-2025-67779 (HIGH): https://github.com/vercel/next.js/security/advisories/GHSA-5j59-xgg2-r9c4 2025-12-17T19:01:21.359484984Z [err] 2025-12-17T19:01:21.359491808Z [err] For assistance, visit https://station.railway.com/new?type=technical

Solved

1 Replies

noahd
EMPLOYEE

3 months ago

Hi there!

We've detected a security issue related to the version of Next.js you're using or one of its dependencies. We scan framework versions and dependencies for known vulnerabilities, and this combination includes an issue that prevents us from safely building your deployment.

You can find more details in the links provided in the error logs, or in the official advisory here: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components

Updating Next.js and/or any affected dependencies to patched versions should resolve the issue!

Best Regards,

The Railway Team

Status changed to Awaiting User Response Railway 3 months ago

Railway
BOT

3 months ago

This thread has been marked as solved automatically due to a lack of recent activity. Please re-open this thread or create a new one if you require further assistance. Thank you!

Status changed to Solved Railway 3 months ago

Loading...