CVE-2022-23646 - Vulnerability Details - OpenCVE

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vercel	Next.js

Configuration 1 [-]

cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*

No data.

References

Link	Providers
https://github.com/vercel/next.js/pull/34075
https://github.com/vercel/next.js/releases/tag/v12.1.0
https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-02-17T20:35:12

Updated: 2024-08-03T03:51:45.557Z

Reserved: 2022-01-19T00:00:00

Link: CVE-2022-23646

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-02-17T21:15:07.883

Modified: 2024-11-21T06:49:00.657

Link: CVE-2022-23646

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "next.js", "vendor": "vercel", "versions": [{"status": "affected", "version": ">= 10.0.0, < 12.1.0"}]}], "descriptions": [{"lang": "en", "value": "Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-451", "description": "CWE-451: User Interface (UI) Misrepresentation of Critical Information", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-17T20:35:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vercel/next.js/pull/34075"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/vercel/next.js/releases/tag/v12.1.0"}], "source": {"advisory": "GHSA-fmvm-x8mv-47mj", "discovery": "UNKNOWN"}, "title": "Improper CSP in Image Optimization API for Next.js", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23646", "STATE": "PUBLIC", "TITLE": "Improper CSP in Image Optimization API for Next.js"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "next.js", "version": {"version_data": [{"version_value": ">= 10.0.0, < 12.1.0"}]}}]}, "vendor_name": "vercel"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-451: User Interface (UI) Misrepresentation of Critical Information"}]}]}, "references": {"reference_data": [{"name": "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj", "refsource": "CONFIRM", "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"}, {"name": "https://github.com/vercel/next.js/pull/34075", "refsource": "MISC", "url": "https://github.com/vercel/next.js/pull/34075"}, {"name": "https://github.com/vercel/next.js/releases/tag/v12.1.0", "refsource": "MISC", "url": "https://github.com/vercel/next.js/releases/tag/v12.1.0"}]}, "source": {"advisory": "GHSA-fmvm-x8mv-47mj", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:51:45.557Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vercel/next.js/pull/34075"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/vercel/next.js/releases/tag/v12.1.0"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23646", "datePublished": "2022-02-17T20:35:12", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.557Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*", "matchCriteriaId": "B4E2D630-A5B4-4D06-9FBA-A12756DD1C3E", "versionEndExcluding": "12.1.0", "versionStartIncluding": "10.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default."}, {"lang": "es", "value": "Next.js es un framework de React. A partir de la versi\u00f3n 10.0.0 y versiones anteriores a 12.1.0, Next.js es vulnerable a una tergiversaci\u00f3n de informaci\u00f3n cr\u00edtica en la Interfaz de Usuario (UI). Para estar afectado, el archivo \"next.config.js\" debe tener asignada una matriz \"images.domains\" y el host de im\u00e1genes asignado en \"images.domains\" debe permitir el SVG proporcionado por el usuario. Si el archivo \"next.config.js\" presenta asignado \"images.loader\" a algo distinto de lo predeterminado, la instancia no estar\u00e1 afectada. La versi\u00f3n 12.1.0 contiene un parche para este problema. Como medida de mitigaci\u00f3n, cambie \"next.config.js\" para usar \"loader configuration\" diferente a la predeterminada"}], "id": "CVE-2022-23646", "lastModified": "2024-11-21T06:49:00.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-02-17T21:15:07.883", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vercel/next.js/pull/34075"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/vercel/next.js/releases/tag/v12.1.0"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://github.com/vercel/next.js/pull/34075"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/vercel/next.js/releases/tag/v12.1.0"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-451"}], "source": "security-advisories@github.com", "type": "Secondary"}]}