Platform
nodejs
Component
next
Fixed in
10.0.1
14.2.7
CVE-2024-47831 is a Denial of Service (DoS) vulnerability in the built-in image optimization feature of Next.js. Processing certain image requests can drive CPU consumption high enough to degrade or exhaust the serving process, affecting application performance and availability. The vulnerability affects Next.js versions prior to 14.2.7; the fix ships in 14.2.7.
An attacker who can reach the image optimizer (served by the framework at `/_next/image` when the default loader is in use) can send crafted image requests that make the optimizer consume excessive CPU. Enough such requests render the Next.js application unresponsive or sharply slow it down. The impact is greatest for deployments that rely heavily on image optimization or serve a high volume of image requests. The flaw does not expose data, but the resulting outage disrupts service and can be used as cover for other malicious activity.
CVE-2024-47831 was published on 2024-10-14. There is no indication of active exploitation in the wild and no public exploit is known. The EPSS score is 1.70% (82nd percentile), which places it above the median for published CVEs despite the absence of known exploitation; a straightforward mitigation is available. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
Exploit status
EPSS
1.70% (82nd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-47831 is to upgrade to Next.js 14.2.7 or later, which contains the patch. If upgrading is not immediately feasible, disable the built-in image optimizer in `next.config.js`: set `images.unoptimized` to `true`, set `images.loader` to a value other than the default, or set `images.loaderFile` to a custom loader. Any one of these settings routes image handling away from the vulnerable code path. After upgrading, confirm that the resolved version is 14.2.7 or later (for example with `npm ls next`), since a caret range in `package.json` does not by itself guarantee the patched release is installed.
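As an added example (not code from the advisory or from the Next.js project), the following script applies the affected/mitigated check above to a project: it compares the installed `next` version against 14.2.7 and inspects the `images` section of a `next.config.js` object for the three workaround settings. The option names `images.unoptimized`, `images.loader` and `images.loaderFile` are the real Next.js configuration keys; the functions `assess` and `workaroundApplied`, the version-comparison helper and the sample versions and configs are assumptions of this example, constructed here for illustration.

```javascript
// Added example, not from the advisory or the Next.js project.
// Audits whether a Next.js install is exposed to CVE-2024-47831 by combining
// the installed version with the image-optimization settings from next.config.js.
//
// Assumptions: `config` has the shape Next.js reads from next.config.js
// (images.unoptimized / images.loader / images.loaderFile), and `nextVersion`
// is the string reported by `npm ls next` or package.json.

const FIXED_VERSION = "14.2.7"; // first patched release named in the advisory

// Parse "14.2.7", "v14.2.7" or a range prefix such as "^13.5.0" into [major, minor, patch].
// Prerelease/build suffixes are ignored for this comparison.
function parseVersion(v) {
  const m = /^[\^~v]?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1, 4).map(Number);
}

// Returns -1, 0 or 1 like a comparator, comparing major, then minor, then patch.
function compareVersions(a, b) {
  const pa = parseVersion(a);
  const pb = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// True when next.config.js disables the built-in optimizer, i.e. when one of the
// three settings named in the advisory workaround is in effect. Next.js uses
// "default" as the value of images.loader when none is configured.
function workaroundApplied(config) {
  const images = (config && config.images) || {};
  if (images.unoptimized === true) return true;
  if (typeof images.loader === "string" && images.loader !== "default") return true;
  if (typeof images.loaderFile === "string" && images.loaderFile.length > 0) return true;
  return false;
}

// Combine version and config into a verdict. `affected` is true only when the
// version predates the fix AND no workaround setting is present.
function assess(nextVersion, config) {
  const patched = compareVersions(nextVersion, FIXED_VERSION) >= 0;
  const mitigated = workaroundApplied(config);
  let advice;
  if (patched) advice = "patched release installed";
  else if (mitigated) advice = "workaround in place; still upgrade to 14.2.7 or later";
  else advice = "upgrade to 14.2.7 or later, or disable the built-in image optimizer";
  return { version: nextVersion, patched, workaroundApplied: mitigated, affected: !patched && !mitigated, advice };
}

// Constructed sample inputs (hypothetical projects, not real deployments).
const samples = [
  { name: "vulnerable",    version: "14.2.6",   config: { images: { domains: ["cdn.example"] } } },
  { name: "unoptimized",   version: "14.2.6",   config: { images: { unoptimized: true } } },
  { name: "custom loader", version: "^13.5.0",  config: { images: { loader: "cloudinary", path: "https://res.cloudinary.com/demo/image/upload/" } } },
  { name: "loader file",   version: "13.4.0",   config: { images: { loader: "custom", loaderFile: "./image-loader.js" } } },
  { name: "patched",       version: "14.2.7",   config: { images: {} } },
];

for (const s of samples) {
  console.log(s.name.padEnd(14), JSON.stringify(assess(s.version, s.config)));
}
```

To run this against a real project, replace the sample entries with the version shown by `npm ls next` and the object exported by your `next.config.js` (`require('./next.config.js')` works for a CommonJS config). Note that the check treats any non-default `images.loader` as a workaround, which matches the advisory's wording; it does not attempt to validate that the external loader itself is reachable or correctly configured.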
CVE-2024-47831 is a Denial of Service vulnerability in the image optimization feature of Next.js: crafted image requests cause excessive CPU usage and can make the application unavailable.
You are affected if you run a Next.js version prior to 14.2.7 and your `next.config.js` sets none of `images.unoptimized`, a non-default `images.loader`, or `images.loaderFile`.
Upgrade to Next.js 14.2.7 or later. Alternatively, set `images.unoptimized` to `true`, configure a non-default `images.loader`, or set `images.loaderFile` in your `next.config.js`.
There is currently no evidence of CVE-2024-47831 being actively exploited in the wild.
Refer to the Next.js security advisory for detailed information and updates: [https://github.com/vercel/next.js/security/advisories/GHSA-9937-4947-4947](https://github.com/vercel/next.js/security/advisories/GHSA-9937-4947-4947)