DirectorySecurity Advisories
Sign In
Security Advisories

CGA-r799-xvgx-mjjx

Published

Last updated

https://images.chainguard.dev/security/CGA-r799-xvgx-mjjx
Package

jitsucom-jitsu

Latest Update
Fixed
Fixed Version

2.8.2-r1

Aliases
  • CVE-2024-47831
  • GHSA-g77x-44xx-532m

Severity

5.9

Medium

CVSS V3

Summary

Denial of Service condition in Next.js image optimization

Description

Impact

The image optimization feature of Next.js contained a vulnerability which allowed for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption.

Not affected:

  • The next.config.js file is configured with images.unoptimized set to true or images.loader set to a non-default value.
  • The Next.js application is hosted on Vercel.

Patches

This issue was fully patched in Next.js 14.2.7. We recommend that users upgrade to at least this version.

Workarounds

Ensure that the next.config.js file has either images.unoptimized, images.loader or images.loaderFile assigned.

Credits

Brandon Dahler (brandondahler), AWS Dimitrios Vlastaras

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images