Skip to content

Unexpected server crash in Next.js versions above 11.1.0 and below 12.0.5

High
timneutkens published GHSA-25mp-g6fv-mqxx Dec 6, 2021

Package

npm next (npm)

Affected versions

< 12.0.5

Patched versions

12.0.5,11.1.3

Description

Impact

  • Affected: All of the following must be true to be affected by this CVE
    • Next.js versions above v11.1.0 and below v12.0.5
    • Node.js above v15.0.0 being used
    • Using next start or a custom server
  • Not affected: Deployments on Vercel (vercel.com) are not affected along with similar environments where invalid requests are filtered before reaching Next.js.

Patches

https://github.com/vercel/next.js/releases/tag/v12.0.5
https://github.com/vercel/next.js/releases/tag/v11.1.3

Severity

High

CVE ID

CVE-2021-43803

Weaknesses

No CWEs