Description

Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.

INFO

Published Date :

2024-10-14T18:04:25.927Z

Last Modified :

2024-10-15T14:52:10.465Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-47831 vulnerability.

Vendors Products
Vercel
  • Next.js
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-47831.

URL Resource
https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a cve-icon cve-icon cve-icon
https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2024-47831 cve-icon
https://www.cve.org/CVERecord?id=CVE-2024-47831 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact