3 matches found
CVE-2021-39178
creationtimestamp| type| source ---|---|--- 2021-08-31 07:32:58+00:00| seen| https://t.me/cibsecurity/28056...
CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0
Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...
CVE-2021-39178
Concisely, CVE-2021-39178 affects Next.js when using versions 10.0.0–11.0.0 and the next.config.js images.domains array includes a host that can serve user-provided SVGs. If images.loader is not the default or the app runs on Vercel, the vulnerability does not apply. The vulnerability is a cross-...