Next.js@* Security Vulnerabilities and Issues — Next.js@* CVE List

Lucene search

VercelNext.js*

3 matches found

CVE•added 2022/02/17 9:15 p.m.•176 views

CVE-2022-23646

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in ...

7.5CVSS6.4AI score0.01402EPSS

CVE•added 2022/01/28 10:15 p.m.•88 views

CVE-2022-21721

Next.js is a React framework. Starting with version 12.0.0 and prior to version 12.0.9, vulnerable code could allow a bad actor to trigger a denial of service attack for anyone using i18n functionality. In order to be affected by this CVE, one must use next start or a custom server and the built-in...

7.5CVSS6.6AI score0.01265EPSS

CVE•added 2022/08/31 7:15 p.m.•67 views

CVE-2022-36046

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict unhandledRejection exiting AND using next start or a custom server . D...

5.3CVSS5.2AI score0.00092EPSS