Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-23646

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-17 Feb, 2022 | 20:35
Updated At-23 Apr, 2025 | 19:02
Rejected At-
Credits

Improper CSP in Image Optimization API for Next.js

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:17 Feb, 2022 | 20:35
Updated At:23 Apr, 2025 | 19:02
Rejected At:
▼CVE Numbering Authority (CNA)
Improper CSP in Image Optimization API for Next.js

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.

Affected Products
Vendor
vercel
Product
next.js
Versions
Affected
  • >= 10.0.0, < 12.1.0
Problem Types
TypeCWE IDDescription
CWECWE-451CWE-451: User Interface (UI) Misrepresentation of Critical Information
Type: CWE
CWE ID: CWE-451
Description: CWE-451: User Interface (UI) Misrepresentation of Critical Information
Metrics
VersionBase scoreBase severityVector
3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj
x_refsource_CONFIRM
https://github.com/vercel/next.js/pull/34075
x_refsource_MISC
https://github.com/vercel/next.js/releases/tag/v12.1.0
x_refsource_MISC
Hyperlink: https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/vercel/next.js/pull/34075
Resource:
x_refsource_MISC
Hyperlink: https://github.com/vercel/next.js/releases/tag/v12.1.0
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj
x_refsource_CONFIRM
x_transferred
https://github.com/vercel/next.js/pull/34075
x_refsource_MISC
x_transferred
https://github.com/vercel/next.js/releases/tag/v12.1.0
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/vercel/next.js/pull/34075
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/vercel/next.js/releases/tag/v12.1.0
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:17 Feb, 2022 | 21:15
Updated At:25 Feb, 2022 | 17:44

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected, the `next.config.js` file must have an `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround, change `next.config.js` to use a different `loader configuration` other than the default.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Secondary3.15.9MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Secondary
Version: 3.1
Base score: 5.9
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches
vercel
vercel
>>next.js>>Versions from 10.0.0(inclusive) to 12.1.0(exclusive)
cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*
Weaknesses
CWE IDTypeSource
CWE-451Primarysecurity-advisories@github.com
CWE ID: CWE-451
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/vercel/next.js/pull/34075security-advisories@github.com
Issue Tracking
Patch
Third Party Advisory
https://github.com/vercel/next.js/releases/tag/v12.1.0security-advisories@github.com
Release Notes
Third Party Advisory
https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mjsecurity-advisories@github.com
Issue Tracking
Mitigation
Patch
Third Party Advisory
Hyperlink: https://github.com/vercel/next.js/pull/34075
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: https://github.com/vercel/next.js/releases/tag/v12.1.0
Source: security-advisories@github.com
Resource:
Release Notes
Third Party Advisory
Hyperlink: https://github.com/vercel/next.js/security/advisories/GHSA-fmvm-x8mv-47mj
Source: security-advisories@github.com
Resource:
Issue Tracking
Mitigation
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

9Records found
CVE-2024-34350
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.47% / 63.73%
||
7 Day CHG~0.00%
Published-09 May, 2024 | 16:07
Updated-02 Aug, 2024 | 02:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Next.js Vulnerable to HTTP Request Smuggling

Next.js is a React framework that can provide building blocks to create web applications. Prior to 13.5.1, an inconsistent interpretation of a crafted HTTP request meant that requests are treated as both a single request, and two separate requests by Next.js, leading to desynchronized responses. This led to a response queue poisoning vulnerability in the affected Next.js versions. For a request to be exploitable, the affected route also had to be making use of the [rewrites](https://nextjs.org/docs/app/api-reference/next-config-js/rewrites) feature in Next.js. The vulnerability is resolved in Next.js `13.5.1` and newer.

Action-Not Available
Vendor-vercel
Product-next.js
CWE ID-CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
CVE-2021-39178
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.70% / 71.07%
||
7 Day CHG~0.00%
Published-30 Aug, 2021 | 23:55
Updated-04 Aug, 2024 | 01:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in Image Optimization API for Next.js versions between 10.0.0 and 11.1.0

Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default or the instance is deployed on Vercel, the instance is not affected by the vulnerability. The vulnerability is patched in Next.js version 11.1.1.

Action-Not Available
Vendor-vercelvercel
Product-next.jsnext.js
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-0888
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 66.72%
||
7 Day CHG~0.00%
Published-05 Apr, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Content-Spoofing vulnerability in the "files" app. The top navigation bar displayed in the files list contained partially user-controllable input leading to a potential misrepresentation of information.

Action-Not Available
Vendor-Nextcloud GmbH
Product-nextcloud_servernextcloudNextcloud Server
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2016-9473
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-4.7||MEDIUM
EPSS-1.21% / 78.16%
||
7 Day CHG~0.00%
Published-28 Mar, 2017 | 02:46
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier suffer from Full Address Bar Spoofing, allowing attackers to trick a victim by displaying a malicious page for legitimate domain names.

Action-Not Available
Vendor-braven/a
Product-browserBrave Software Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and earlier
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-7364
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.72%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 16:40
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UCWeb UC Browser Address Bar Spooofing

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

Action-Not Available
Vendor-ucwebUCWeb
Product-uc_browserUC Browser
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2024-49040
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-10.47% / 92.94%
||
7 Day CHG~0.00%
Published-12 Nov, 2024 | 17:53
Updated-08 Jul, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Exchange Server Spoofing Vulnerability

Microsoft Exchange Server Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-exchange_serverMicrosoft Exchange Server 2019 Cumulative Update 13Microsoft Exchange Server 2016 Cumulative Update 23Microsoft Exchange Server 2019 Cumulative Update 14
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CVE-2021-27414
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.65%
||
7 Day CHG~0.00%
Published-11 Mar, 2022 | 17:54
Updated-16 Apr, 2025 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User interface misrepresentation of critical information in Hitachi ABB Power Grids Ellipse EAM

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.

Action-Not Available
Vendor-Hitachi Energy Ltd.Hitachi, Ltd.
Product-ellipse_enterprise_asset_managementEllipse Enterprise Asset Management (EAM)
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2021-27773
Matching Score-4
Assigner-HCL Software
ShareView Details
Matching Score-4
Assigner-HCL Software
CVSS Score-4.2||MEDIUM
EPSS-0.14% / 35.51%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 21:25
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
HCL Sametime is vulnerable to clickjacking

This vulnerability allows users to execute a clickjacking attack in the meeting's chat.

Action-Not Available
Vendor-HCL Technologies Ltd.
Product-sametimeSametime
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
CWE ID-CWE-1021
Improper Restriction of Rendered UI Layers or Frames
CVE-2020-7363
Matching Score-4
Assigner-Rapid7, Inc.
ShareView Details
Matching Score-4
Assigner-Rapid7, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.20% / 42.72%
||
7 Day CHG~0.00%
Published-20 Oct, 2020 | 16:40
Updated-17 Sep, 2024 | 02:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
UCWeb UC Browser Address Bar Spooofing

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser. This issue affects UCWeb's UC Browser version 13.0.8 and prior versions.

Action-Not Available
Vendor-ucwebUCWeb
Product-uc_browserUC Browser
CWE ID-CWE-451
User Interface (UI) Misrepresentation of Critical Information
Details not found