3 matches found
CVE-2021-39178
creationtimestamp| type| source ---|---|--- 2021-08-31 07:32:58+00:00| seen| https://t.me/cibsecurity/28056...
CVE-2021-39178
Concisely, CVE-2021-39178 affects Next.js when using versions 10.0.0–11.0.0 and the next.config.js images.domains array includes a host that can serve user-provided SVGs. If images.loader is not the default or the app runs on Vercel, the vulnerability does not apply. The vulnerability is a cross-...
CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...