CPE-F29CC88E-BB88-4688-B41F-4435EA729A63 Detail

CPE Details

Vercel Next.js 11.1.1 Canary 9 for Node.js

Vendor

vercel

Product

next.js

Version

11.1.1

Created

2021-08-19
15h50 +00:00

Modified

2021-08-19
16h33 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:vercel:next.js:11.1.1:canary9:::*:node.js::

Informations

Vendor

vercel

Product

next.js

Version

11.1.1

Update

canary9

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2024-47831	2024-10-14 18h04 +00:00	Next.js is a React Framework for the Web. Cersions on the 10.x, 11.x, 12.x, 13.x, and 14.x branches before version 14.2.7 contain a vulnerability in the image optimization feature which allows for a potential Denial of Service (DoS) condition which could lead to excessive CPU consumption. Neither the `next.config.js` file that is configured with `images.unoptimized` set to `true` or `images.loader` set to a non-default value nor the Next.js application that is hosted on Vercel are affected. This issue was fully patched in Next.js `14.2.7`. As a workaround, ensure that the `next.config.js` file has either `images.unoptimized`, `images.loader` or `images.loaderFile` assigned.	7.5	High
CVE-2023-46298	2023-10-21 22h00 +00:00	Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.	7.5	High
CVE-2022-23646	2022-02-17 19h35 +00:00	Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.	7.5	High
CVE-2021-43803	2021-12-09 22h50 +00:00	Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.	7.5	High

Vercel Next.js 11.1.1 Canary 9 for Node.js

CPE Details

CPE Name: cpe:2.3:a:vercel:next.js:11.1.1:canary9:*:*:*:node.js:*:*

Informations

Vendor

Product

Version

Update

Target Software

Related CVE

CPE Name: cpe:2.3:a:vercel:next.js:11.1.1:canary9:::*:node.js::