Lucene search
PRIOn knowledge basePRION:CVE-2022-23646HistoryFeb 17, 2022 - 9:15 p.m.
Design/Logic Flaw
2022-02-1721:15:00
PRIOn knowledge base
www.prio-n.com
5
Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in images.domains must allow user-provided SVG. If the next.config.js file has images.loader assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change next.config.js to use a different loader configuration other than the default.
Related
osv
osv
Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
2022-02-17 17:19:18
CVE-2022-23646
2022-02-17 21:15:07
cve
cve
CVE-2022-23646
2022-02-17 21:15:07
github
github
cvelist
cvelist
CVE-2022-23646 Improper CSP in Image Optimization API for Next.js
2022-02-17 20:35:12
veracode
veracode
User Interface (UI) Misrepresentation Of Critical Information
2022-02-18 14:02:05
nvd
nvd
CVE-2022-23646
2022-02-17 21:15:07
