Skip to main content

Next Js CVE-2024-47831

HIGH
Uncontrolled Recursion (CWE-674)
2024-10-14 security-advisories@github.com
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 14, 2024 - 18:15 nvd
HIGH 7.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 6 npm packages depend on next (5 direct, 1 indirect)

Ecosystem-wide dependent count for version 10.0.0.

DescriptionNVD

Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the next.config.js file that is configured with images.unoptimized set to true or images.loader set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js 14.2.7. As a workaround, ensure that the next.config.js file has either images.unoptimized, images.loader or images.loaderFile assigned.

AnalysisAI

Next.js is a React Framework for the Web. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified under CWE-674. Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the next.config.js file that is configured with images.unoptimized set to true or images.loader set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js 14.2.7. As a workaround, ensure that the next.config.js file has either images.unoptimized, images.loader or images.loaderFile assigned. Affected products include: Vercel Next.Js. Version information: version 14.2.7.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-34351 HIGH POC
7.5 May 14

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5)

CVE-2023-46298 HIGH POC
7.5 Oct 22

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached

CVE-2018-6184 HIGH POC
7.5 Jan 24

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. Rated high severity (CVSS 7.5),

CVE-2020-5284 MEDIUM POC
4.3 Mar 30

Next.js versions before 9.3.2 have a directory traversal vulnerability. Rated medium severity (CVSS 4.3), this vulnerabi

CVE-2024-51479 HIGH
7.5 Dec 17

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2024-46982 HIGH
7.5 Sep 17

Next.js is a React framework for building full-stack web applications. Rated high severity (CVSS 7.5), this vulnerabilit

CVE-2024-39693 HIGH
7.5 Jul 10

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2024-34350 HIGH
7.5 May 14

Next.js is a React framework that can provide building blocks to create web applications. Rated high severity (CVSS 7.5)

CVE-2022-23646 HIGH
7.5 Feb 17

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2021-43803 HIGH
7.5 Dec 10

Next.js is a React framework. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authenticat

CVE-2021-39178 MEDIUM
6.1 Aug 31

Next.js is a React framework. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentic

CVE-2021-37699 MEDIUM
6.1 Aug 12

Next.js is an open source website development framework to be used with the React library. Rated medium severity (CVSS 6

Share

CVE-2024-47831 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy