CVE-2025-57752
Next.js patches CVE-2025-57752, a cache poisoning flaw in Image Optimization that could serve protected image responses to unauthorised users, fixed in v15.4.5 and v14.2.31.
Summary

A vulnerability affecting Next.js Image Optimization has been addressed. It impacted versions prior to v15.4.5 and v14.2.31, and involved a cache poisoning issue that caused sensitive image responses from API routes to be cached and subsequently served to unauthorized users.

Vercel deployments were never impacted by this vulnerability.

Impact

When API routes are used to return image content that varies based on headers (e.g., Cookie, Authorization), and those images are passed through Next.js Image Optimization, the optimized image may be cached without including those request headers as part of the cache key.

This can lead to:

- Unauthorized… of user-specific or protected image content

This issue arises without user interaction and requires no elevated privileges, only a prior authorized request to populate the cache.

Resolution

The issue was resolved by ensuring request headers aren’t forwarded to the request that is proxied to the image endpoint. This ensures that the image endpoint cannot be used to serve images that require authorization data and thus cannot be cached.

Fix available in: v15.4.5 and v14.2.31

Credit

Thanks to reddounsf for the responsible disclosure.
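The following is an added example, not code from Next.js or from the advisory: a simplified model of an optimizer whose cache key omits request headers, run once with caller headers forwarded upstream and once with them stripped as the resolution describes. The names `apiImageRoute`, `createOptimizer` and `scenario`, the `/api/avatar` path and the token are all hypothetical, constructed values.

```javascript
// Simplified model of an image optimizer in front of an API route.
// All names are hypothetical; this is not Next.js source code.

// Upstream API route: the image returned depends on the Authorization header.
function apiImageRoute(headers) {
  if (headers.authorization === 'Bearer alice-token') { // constructed sample token
    return { status: 200, body: 'PRIVATE-IMAGE-OF-ALICE' };
  }
  return { status: 401, body: 'unauthorized' };
}

function createOptimizer({ forwardHeaders }) {
  const cache = new Map();
  return function optimize(url, width, requestHeaders) {
    // The cache key covers URL and width only; request headers are not in it.
    const key = `${url}|w=${width}`;
    if (cache.has(key)) return { ...cache.get(key), cache: 'HIT' };
    // forwardHeaders=true models the affected behaviour: caller headers reach
    // the upstream route. forwardHeaders=false models the fix: the proxied
    // request carries none of the caller's headers.
    const upstream = apiImageRoute(forwardHeaders ? requestHeaders : {});
    if (upstream.status === 200) cache.set(key, upstream); // cache successes only
    return { ...upstream, cache: 'MISS' };
  };
}

// One authorized request populates the cache, then an anonymous request
// asks for the same URL and width.
function scenario(forwardHeaders) {
  const optimize = createOptimizer({ forwardHeaders });
  const url = '/api/avatar'; // hypothetical protected image route
  const authorized = optimize(url, 640, { authorization: 'Bearer alice-token' });
  const anonymous = optimize(url, 640, {});
  return { authorized, anonymous };
}

const before = scenario(true);
const after = scenario(false);
console.log('headers forwarded:', before.anonymous); // protected body, cache HIT
console.log('headers stripped: ', after.anonymous);  // 401, nothing was cached
```

With headers stripped, even the authorized caller receives a 401 through the optimizer, which is the trade-off the resolution states: images that require authorization data can no longer be served through the image endpoint.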
References

- vercel.com: CVE-2025-57752 (primary)