CPE-8EB617E0-C317-4D57-808E-79545BCE3537 Detail

CPE Details

Vercel Next.js 12.0.8 Canary14 for Node.js

Vendor

vercel

Product

next.js

Version

12.0.8

Created

2023-10-27
14h36 +00:00

Modified

2023-10-27
14h36 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:vercel:next.js:12.0.8:canary14:::*:node.js::

Informations

Vendor

vercel

Product

next.js

Version

12.0.8

Update

canary14

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-47831	2024-10-14 18h04 +00:00	Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.	7.5	High
CVE-2023-46298	2023-10-21 22h00 +00:00	Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.	7.5	High
CVE-2022-23646	2022-02-17 19h35 +00:00	Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.	7.5	High
CVE-2022-21721	2022-01-28 21h00 +00:00	Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected. A patch has been released, `next@12.0.9`, that mitigates this issue. As a workaround, one may ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade.	7.5	High

Vercel Next.js 12.0.8 Canary14 for Node.js

CPE Details

CPE Name: cpe:2.3:a:vercel:next.js:12.0.8:canary14:*:*:*:node.js:*:*

Informations

Vendor

Product

Version

Update

Target Software

Related CVE

CPE Name: cpe:2.3:a:vercel:next.js:12.0.8:canary14:::*:node.js::