Description
Next.js is a React framework for building full-stack web applications. In versions before 14.2.31 and from 15.0.0 to before 15.4.5, Next.js Image Optimization API routes are affected by cache key confusion. When images returned from API routes vary based on request headers (such as Cookie or Authorization), these responses could be incorrectly cached and served to unauthorized users due to a cache key confusion bug. This vulnerability has been fixed in Next.js versions 14.2.31 and 15.4.5. All users are encouraged to upgrade if they use API routes to serve images that depend on request headers and have image optimization enabled.
A cache key confusion vulnerability in Next.js Image Optimization API could cause header-dependent images (e.g., using Cookie or Authorization) to be incorrectly cached and served to unauthorized users.
Binary-Affected: Next.js
Upstream-version-introduced: v14.2.30
Upstream-version-fixed: v15.4.5 and v14.2.31
Report
This vulnerability is considered Moderate because it only impacts applications that both (1) serve images through API routes where responses vary based on sensitive request headers, and (2) have image optimization enabled. In most common Next.js deployments, static images or header-independent responses are used, meaning the bug has no effect. Additionally, the exposure is limited to cached image content rather than direct access to underlying APIs or application data. Since it does not allow arbitrary code execution, privilege escalation, or broad data leakage by default, the impact is constrained to specific configurations, making it a Moderate issue rather than an Important flaw.
Mitigation
As a mitigation, developers/admins should avoid serving images that depend on sensitive request headers (such as Cookie or Authorization) through the Image Optimization API. Instead, these images can be served directly without optimization or with caching disabled to prevent unintended exposure to unauthorized users.
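The failure mode described above and the caching-disabled mitigation, as an added sketch (not Next.js source and not the upstream fix). The optimizer, its cache key, the `upstreamImage` route, the policies and the sample requests are all hypothetical and constructed for illustration.

```javascript
// Added illustration of cache key confusion; not Next.js code. All names are hypothetical.
const SENSITIVE = ["cookie", "authorization"]; // header names assumed lower-cased

// Constructed upstream API route: the image bytes depend on the Cookie header.
function upstreamImage(url, headers) {
  const user = /session=(\w+)/.exec(headers.cookie || "")?.[1] ?? "anonymous";
  return { body: `image-for-${user}`, contentType: "image/png" };
}

// The cache key covers only URL and transform parameters, never request headers.
function cacheKey(req) {
  return JSON.stringify([req.url, req.width, req.quality]);
}

// Optimizer with a pluggable policy: cacheable(req) gates both lookup and store.
function makeOptimizer(cacheable) {
  const cache = new Map();
  return function optimize(req) {
    const key = cacheKey(req);
    const useCache = cacheable(req);
    if (useCache && cache.has(key)) return { ...cache.get(key), cache: "HIT" };
    const res = upstreamImage(req.url, req.headers);
    if (useCache) cache.set(key, res);
    return { ...res, cache: useCache ? "MISS" : "BYPASS" };
  };
}

// Weak policy: everything is cached, so the first caller's image is shared.
const cacheEverything = () => true;
// Mitigation policy: requests carrying credentials are never cached.
const skipCredentialed = (req) => !SENSITIVE.some((h) => h in req.headers);

// Constructed traffic: an authenticated request, then an anonymous one, same URL.
function replay(policy) {
  const optimize = makeOptimizer(policy);
  const base = { url: "/api/avatar", width: 256, quality: 75 };
  const authed = optimize({ ...base, headers: { cookie: "session=alice" } });
  const anon = optimize({ ...base, headers: {} });
  return { authed, anon };
}

console.log("weak:     ", replay(cacheEverything).anon);
console.log("mitigated:", replay(skipCredentialed).anon);
```

Under the weak policy the anonymous request is a cache hit on the authenticated user's image; under the mitigation policy the credentialed request bypasses the cache and the anonymous request gets its own response.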
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | firefox | Fix deferred | | |
Red Hat Enterprise Linux 10 | thunderbird | Fix deferred | | |
Red Hat Enterprise Linux 7 | firefox | Fix deferred | | |
Red Hat Enterprise Linux 8 | firefox | Fix deferred | | |
Red Hat Enterprise Linux 8 | thunderbird | Fix deferred | | |
Red Hat Enterprise Linux 9 | dotnet7.0 | Fix deferred | | |
Red Hat Enterprise Linux 9 | firefox | Fix deferred | | |
Red Hat Enterprise Linux 9 | thunderbird | Fix deferred | | |
Red Hat Trusted Artifact Signer | rhtas/rekor-search-ui-rhel9 | Fix deferred | | |
streams for Apache Kafka 2 | com.github.streamshub-console | Fix deferred | | |