Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.
Metrics
Affected Vendors & Products
References
History
Fri, 08 Nov 2024 16:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Vercel
Vercel next.js |
|
CPEs | cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:* | |
Vendors & Products |
Vercel
Vercel next.js |
Tue, 15 Oct 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Tue, 15 Oct 2024 01:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
threat_severity
|
threat_severity
|
Mon, 14 Oct 2024 18:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned. | |
Title | Next.js image optimization has Denial of Service condition | |
Weaknesses | CWE-674 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-10-14T18:04:25.927Z
Updated: 2024-10-15T14:52:10.465Z
Reserved: 2024-10-03T14:06:12.643Z
Link: CVE-2024-47831
Vulnrichment
Updated: 2024-10-15T14:52:05.004Z
NVD
Status : Analyzed
Published: 2024-10-14T18:15:05.013
Modified: 2024-11-08T15:39:21.823
Link: CVE-2024-47831
Redhat