
Brandon Dahler

Researcher from AWS
#37372 of 53,633
7.5 Total CVSS
Vulnerabilities · 1
PT-2024-7169
7.5
2024-10-14
Vercel · Next.js · CVE-2024-47831
**Name of the Vulnerable Software and Affected Versions**

Next.js versions 10.x through 14.x before version 14.2.7

**Description**

The image optimization feature in Next.js contains a vulnerability that can cause a Denial of Service (DoS) condition: uncontrolled recursion could lead to excessive CPU consumption. A remote attacker could exploit this. Applications whose `next.config.js` file sets `images.unoptimized` to `true` or `images.loader` to a non-default value, and Next.js applications hosted on Vercel, are not affected.

**Recommendations**

For Next.js versions 10.x through 14.x before version 14.2.7, upgrade to version 14.2.7 or later. As a temporary workaround, ensure that the `next.config.js` file has one of `images.unoptimized`, `images.loader`, or `images.loaderFile` assigned.