35 matches found

CNNVD
added 2022/05/18 12:0 a.m., 2 views

Hydrogen cross-site scripting vulnerability

Hydrogen is a React-based framework for Shopify individual developers. It is used to build dynamic, custom storefronts powered by Shopify. A cross-site scripting vulnerability exists in Hydrogen versions 0.10.0 through 0.18.0, which can be exploited by an attacker to execute script on pages built...

CVSS 6.3, AI score 5.8, EPSS 0.00306
Exploits 0, References 4

CVE
added 2022/02/17 8:35 p.m., 193 views

CVE-2022-23646

CVE-2022-23646 affects Next.js (React framework) versions 10.0.0 through 12.0.x prior to 12.1.0. The issue is UI misrepresentation of critical information when next.config.js defines an images.domains array and the image host in domains allows user-provided SVG; if next.config.js uses a non-defau...

CVSS 7.5, AI score 6.4, EPSS 0.01381
Exploits 0, References 3, Affected Software 1

OSV
added 2022/02/17 8:35 p.m., 18 views

CVE-2022-23646 Improper CSP in Image Optimization API for Next.js

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

CVSS 5.9, AI score 7.5, EPSS 0.01381
Exploits 0, References 5

Prion
added 2022/01/28 10:15 p.m., 16 views

Code injection

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 4.3, AI score 7.6, EPSS 0.00931
Exploits 0, References 3, Affected Software 1

Cvelist
added 2022/01/28 10:0 p.m., 18 views

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 5.9, AI score 7.7, EPSS 0.00931
Exploits 0, References 3

OSV
added 2022/01/28 10:0 p.m., 23 views

CVE-2022-21721 DOS Vulnerability in next.js

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-...

CVSS 5.9, AI score 7.6, EPSS 0.00931
Exploits 0, References 5

NVD
added 2021/12/10 12:15 a.m., 18 views

CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 7.5, EPSS 0.02149
Exploits 0, References 5

OSV
added 2021/12/10 12:15 a.m., 14 views

CVE-2021-43803

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 7.5, AI score 7.5
Exploits 0, References 5

Prion
added 2021/12/10 12:15 a.m., 17 views

Code injection

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 4.3, AI score 7.5, EPSS 0.02149
Exploits 0, References 5, Affected Software 1

CVE
added 2021/12/09 11:50 p.m., 163 views

CVE-2021-43803

CVE-2021-43803 affects Next.js (a React framework) where invalid or malformed URLs could crash the server in specific deployments. The issue applies to Next.js versions below 12.0.5 and above 11.1.0, with Node.js > 15.0.0, when using next start or a custom server. Deployments on Vercel and sim...

CVSS 7.5, AI score 7.4, EPSS 0.02149
Exploits 0, References 5, Affected Software 1

Github Security Blog
added 2021/12/07 9:12 p.m., 35 views

Unexpected server crash in Next.js.

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom...

CVSS 7.5, AI score 7.5, EPSS 0.02149
Exploits 0, References 7, Affected Software 1

OSV
added 2021/08/31 12:15 a.m., 12 views

CVE-2021-39178

Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...

CVSS 6.1, AI score 6.1
Exploits 0, References 2

NVD
added 2021/08/31 12:15 a.m., 11 views

CVE-2021-39178

Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...

CVSS 7.5, EPSS 0.007
Exploits 0, References 2

CVE
added 2021/08/30 11:55 p.m., 90 views

CVE-2021-39178

Concisely, CVE-2021-39178 affects Next.js when using versions 10.0.0–11.0.0 and the next.config.js images.domains array includes a host that can serve user-provided SVGs. If images.loader is not the default or the app runs on Vercel, the vulnerability does not apply. The vulnerability is a cross-...

CVSS 7.5, AI score 6.2, EPSS 0.007
Exploits 0, References 2, Affected Software 1

Cvelist
added 2021/08/30 11:55 p.m., 21 views

CVE-2021-39178 XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0

Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the next.config.js file must have images.domains array assigned and the image host assigned in images.domains mus...

CVSS 7.5, AI score 7.4, EPSS 0.007
Exploits 0, References 2