search

twopluszero / next-images

Import images in Next.js (supports jpg, jpeg, svg, png and gif images)
MIT License
949 stars 67 forks source link

Vulnerability CVE-2022-37601 due to loader-utils dependency #89

Open darelover opened 2 years ago

darelover commented 2 years ago

next-images has a transitive dependency on vulnerable version of loader-utils. This is similar to next.js: https://github.com/vercel/next.js/issues/11149

Refer: https://nvd.nist.gov/vuln/detail/CVE-2022-37601