jitsucom-jitsu
2.8.2-r1
5.9
CVSS V3
Denial of Service condition in Next.js image optimization
The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption.
Not affected:
next.config.js
file is configured with images.unoptimized
set to true
or images.loader
set to a non-default value.This issue was fully patched in Next.js 14.2.7
. We recommend that users upgrade to at least this version.
Ensure that the next.config.js
file has either images.unoptimized
, images.loader
or images.loaderFile
assigned.
Brandon Dahler (brandondahler), AWS Dimitrios Vlastaras