PT-2024-7169 · Vercel · Next.Js

Brandon Dahler

Published 2024-10-14 · Updated 2024-11-08

CVE-2024-47831

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Next.js versions 10.x through 14.x before version 14.2.7

Description: The vulnerability lies in the Next.js image optimization feature. Uncontrolled recursion in the optimizer can drive CPU consumption to excessive levels, resulting in a Denial of Service (DoS) condition that a remote attacker could trigger. Deployments are not affected when next.config.js sets images.unoptimized to true or sets images.loader to a non-default value, and Next.js applications hosted on Vercel are not affected.

Recommendations: For Next.js versions 10.x through 14.x before version 14.2.7, upgrade to version 14.2.7 or later. As a temporary workaround, ensure that next.config.js has either images.unoptimized, images.loader, or images.loaderFile assigned.
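The following audit helper is an added example, not part of the advisory or of Next.js: it applies the version range and the next.config.js workaround conditions stated above to a project's declared Next.js version and its exported config object. The sample configs and version strings are constructed; the function names are the author's own.

```javascript
// Added example (not from the advisory): decide whether a Next.js project
// is exposed to CVE-2024-47831 using the advisory's version range and the
// documented next.config.js workaround conditions.

// Affected range per the advisory: 10.x through 14.x before 14.2.7.
function isAffectedVersion(version) {
  const [major, minor, patch] = version
    .replace(/^[\^~]/, '')           // tolerate "^14.2.3" from package.json
    .split('.')
    .map((part) => parseInt(part, 10) || 0);
  if (major < 10 || major > 14) return false;
  if (major < 14) return true;       // every 10.x .. 13.x release
  return minor < 2 || (minor === 2 && patch < 7); // 14.x below 14.2.7
}

// The default image optimizer is the vulnerable path. The advisory treats a
// config as mitigated when images.unoptimized is true, images.loader is set
// to a non-default value, or images.loaderFile is assigned.
function usesDefaultImageOptimizer(nextConfig) {
  const images = (nextConfig && nextConfig.images) || {};
  if (images.unoptimized === true) return false;
  if (images.loader && images.loader !== 'default') return false;
  if (typeof images.loaderFile === 'string' && images.loaderFile.length > 0) {
    return false;
  }
  return true;
}

// Combine both checks. Hosting on Vercel (also listed as unaffected) is not
// visible from the config, so it is not modelled here.
function assessProject(version, nextConfig) {
  const affected = isAffectedVersion(version);
  const exposed = affected && usesDefaultImageOptimizer(nextConfig);
  let action = 'none';
  if (exposed) action = 'upgrade to 14.2.7 or later, or apply an images workaround';
  else if (affected) action = 'workaround in place; upgrade to 14.2.7 or later when possible';
  return { version, affected, exposed, action };
}

// Constructed sample configs (hypothetical, not from any real project).
const weakConfig = { images: {} };                        // default optimizer
const workaroundConfig = { images: { unoptimized: true } }; // mitigated

console.log(assessProject('14.2.6', weakConfig));
console.log(assessProject('14.2.6', workaroundConfig));
console.log(assessProject('14.2.7', weakConfig));
```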

Tags: Exploit · Fix · DoS · Uncontrolled Recursion

Weakness Enumeration

Related Identifiers: BDU:2024-08508, CVE-2024-47831, GHSA-G77X-44XX-532M

Affected Products: Next.Js