GHSA-g77x-44xx-532m

GitHub Security Advisory

Denial of Service condition in Next.js image optimization

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

### Impact
The image optimization feature of Next.js contained a vulnerability that allowed a potential Denial of Service (DoS) condition, which could lead to excessive CPU consumption.

**Not affected:**
- The `next.config.js` file is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value.
- The Next.js application is hosted on Vercel.

### Patches
This issue was fully patched in Next.js `14.2.7`. We recommend that users upgrade to at least this version.

### Workarounds
Ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.
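
The following triage helper is an added example, not code from the advisory or from Next.js; it applies the conditions listed above to an installed `next` version and the `images` block of `next.config.js`. The function names are hypothetical, and it assumes the affected range runs from `10.0.0` up to but not including `14.2.7`, with `'default'` as the default value of `images.loader`.

```javascript
// Added example: triage helper for GHSA-g77x-44xx-532m (not Next.js code).
// Assumption: affected range is read as 10.0.0 <= version < 14.2.7.
const FIRST_AFFECTED = [10, 0, 0];
const FIRST_PATCHED = [14, 2, 7];

// Parse "14.2.5", "v14.2.5" or "14.2.7-canary.1" into core numbers + pre-release flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) throw new Error(`unrecognised version: ${v}`);
  return { core: m.slice(1, 4).map(Number), pre: Boolean(m[4]) };
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// nextVersion: resolved installed version of `next` (not a semver range).
// images: the `images` object from next.config.js (may be undefined).
// hostedOnVercel: true when the application is deployed on Vercel.
function assessExposure(nextVersion, images, hostedOnVercel = false) {
  const cfg = images || {};
  const { core, pre } = parseVersion(nextVersion);
  const vsPatched = compare(core, FIRST_PATCHED);
  // A pre-release of 14.2.7 precedes the fixed release, so it counts as unpatched.
  const patched = vsPatched > 0 || (vsPatched === 0 && !pre);
  if (compare(core, FIRST_AFFECTED) < 0 || patched) {
    return { exposed: false, reason: 'version outside affected range' };
  }
  if (hostedOnVercel) return { exposed: false, reason: 'hosted on Vercel' };
  if (cfg.unoptimized === true) {
    return { exposed: false, reason: 'images.unoptimized is true' };
  }
  // 'default' selects the built-in optimizer; anything else is non-default.
  if (cfg.loader && cfg.loader !== 'default') {
    return { exposed: false, reason: 'images.loader is non-default' };
  }
  if (cfg.loaderFile) {
    return { exposed: false, reason: 'images.loaderFile is assigned' };
  }
  return { exposed: true, reason: 'default image optimizer on unpatched version' };
}
```

Pass the version from the lockfile or `node_modules/next/package.json` rather than the range in `package.json`, since a range such as `^14.0.0` does not say which release is installed.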

#### Credits
Brandon Dahler (brandondahler), AWS
Dimitrios Vlastaras

Affected Packages

npm next
Affected versions: 10.0.0 (fixed in 14.2.7)

Related CVEs

Key Information

GHSA ID: GHSA-g77x-44xx-532m
Published: October 14, 2024 7:45 PM
Last Modified: November 8, 2024 6:55 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: npm
Primary Package: next
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 3, 2025 6:14 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.