GHSA-C7XP-Q6Q8-HG76
Vulnerability from github – Published: 2026-03-31 23:25 – Updated: 2026-04-06 16:39
Product: Nuxt OG Image
Version: 6.1.2
CWE-ID: CWE-404: Improper Resource Shutdown or Release
Description: Failure to limit the length and width of the generated image results in a denial of service.
Impact: Denial of service
Exploitation condition: An external user
Mitigation: Implement a limitation on the width and length of the generated image.
Researcher: Dmitry Prokhorov (Positive Technologies)
Research
During the analysis of the nuxt-og-image package, which is shipped with the nuxt-seo package, a zero-day vulnerability was discovered.
This research revealed that the image-generation endpoint served at the URI /_og/d/ (and, in older versions, /og-image/) contains a Denial of Service (DoS) vulnerability. The issue arises because there is no restriction on the width and height parameters of the generated image. The vulnerability was reproduced using the standard configuration and the default templates.
Listing 1. The content of the configuration file nuxt.config.ts
export default defineNuxtConfig({
  modules: ['nuxt-og-image'],
  devServer: {
    host: 'web-test.local',
    port: 3000
  },
  site: {
    url: 'http://web-test.local:3000',
  },
  ogImage: {
    fonts: [
      'Inter:400',
      'Inter:700'
    ],
  }
})
Vulnerability reproduction
To demonstrate the proof-of-concept, a request should be sent with the increased width and height parameters. This will cause a delay and exhaust the server's resources during image generation.
Listing 2. HTTP-request example
GET /_og/d/og.png?width=20000&height=20000 HTTP/1.1
Host: web-test.local:3000
Figure 1. HTTP-response: denial-of-service error
After sending the HTTP request, the test server's memory was exhausted.
Figure 2. Video memory exhausted error
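The mitigation the advisory calls for, as an added example that is not code from nuxt-og-image or from the researcher: a guard that bounds the width and height query parameters of an OG image request before any raster buffer is allocated. The defaults and caps are assumptions chosen for illustration; the function works on parsed query values and, through the wrapper, on a request path like the one in Listing 2.

```typescript
// Added example, not code from nuxt-og-image: a dimension guard of the kind the
// advisory's mitigation calls for, applied to the width/height query of an OG request.
// All limits below are assumptions for illustration, not values from the project.
const DEFAULT_WIDTH = 1200;            // assumed default OG size
const DEFAULT_HEIGHT = 630;
const MAX_SIDE = 2048;                 // assumed per-side cap
const MAX_PIXELS = 2_000_000;          // assumed total-pixel cap (two legal sides can still multiply up)
const BYTES_PER_PIXEL = 4;             // RGBA raster buffer

interface Dimensions { width: number; height: number }
type DimensionResult =
  | { ok: true; dims: Dimensions; estimatedBytes: number }
  | { ok: false; error: string };

// Raw RGBA bytes a raster of this size needs: the cost the request in Listing 2 forces the server to pay.
function rasterBytes(width: number, height: number): number {
  return width * height * BYTES_PER_PIXEL;
}

// Accept only a plain decimal integer; absent means "use the default", anything else is malformed (NaN).
function parseSide(raw: string | undefined, fallback: number): number {
  if (raw === undefined || raw === '') return fallback;
  return /^\d{1,6}$/.test(raw) ? Number(raw) : NaN;
}

// Validate parsed query parameters and return the dimensions the renderer may use.
function validateOgDimensions(query: Record<string, string | undefined>): DimensionResult {
  const width = parseSide(query.width, DEFAULT_WIDTH);
  const height = parseSide(query.height, DEFAULT_HEIGHT);
  if (Number.isNaN(width) || Number.isNaN(height) || width < 1 || height < 1) {
    return { ok: false, error: 'width and height must be positive integers' };
  }
  if (width > MAX_SIDE || height > MAX_SIDE) {
    return { ok: false, error: `each side must be at most ${MAX_SIDE}px` };
  }
  if (width * height > MAX_PIXELS) {
    return { ok: false, error: `at most ${MAX_PIXELS} pixels per image` };
  }
  return { ok: true, dims: { width, height }, estimatedBytes: rasterBytes(width, height) };
}

// Convenience wrapper for a request path such as the one in Listing 2.
function validateOgRequestPath(path: string): DimensionResult {
  const url = new URL(path, 'http://localhost');   // base is only needed to parse a relative path
  const query: Record<string, string | undefined> = {};
  url.searchParams.forEach((value, key) => { query[key] = value; });
  return validateOgDimensions(query);
}
```

Rejecting the request before rendering is what matters; rasterBytes only makes the cost visible (a 20000x20000 RGBA raster is 1.6 GB before any encoding).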
Credits
Researcher: Dmitry Prokhorov (Positive Technologies)
{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "nuxt-og-image"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "6.2.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-34404"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400",
      "CWE-404"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-31T23:25:53Z",
    "nvd_published_at": "2026-03-31T22:16:18Z",
    "severity": "MODERATE"
  },
  "id": "GHSA-c7xp-q6q8-hg76",
  "modified": "2026-04-06T16:39:48Z",
  "published": "2026-03-31T23:25:53Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/nuxt-modules/og-image/security/advisories/GHSA-c7xp-q6q8-hg76"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34404"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/nuxt-modules/og-image"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Nuxt OG Image is vulnerable to Denial of Service via unbounded image dimensions"
}