Next.js User Interface (UI) Misrepresentation of Critical Information Vulnerability - CVE-2022-23646

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0 Next.js is vulnerable to User Interface (UI) Misrepresentation of Critical Information. In order to be affected the next.config.js file must have an images.domains array assigned and the image host assigned in images.domains must allow user-provided SVG. If the next.config.js file has images.loader assigned to something other than default the instance is not affected. Version 12.1.0 contains a patch for this issue. As a workaround change next.config.js to use a different loader configuration other than the default.