Uncontrolled Recursion
CVE-2024-47831
Summary
Next.js is a React framework for the web. Its image optimization feature contains a vulnerability that allows a potential Denial of Service (DoS) condition that could lead to excessive CPU consumption. An application is not affected if its "next.config.js" file is configured with "images.unoptimized" set to "true" or "images.loader" set to a non-default value, or if the Next.js application is hosted on Vercel. This issue affects versions 10.0.0 through 14.2.6 and 14.3.0-canary.0 through 5.0.0-canary.108.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-674 - Uncontrolled Recursion
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.