Impact
When specific requests are made to the Next.js server it can cause an unhandledRejection
in the server which can crash the process to exit in specific Node.js versions with strict unhandledRejection
handling.
-
Affected: All of the following must be true to be affected by this CVE
- Node.js version above v15.0.0 being used with strict
unhandledRejection
exiting
- Next.js version v12.2.3
- Using next start or a custom server
-
Not affected: Deployments on Vercel (vercel.com) are not affected along with similar environments where next-server
isn't being shared across requests.
Patches
https://github.com/vercel/next.js/releases/tag/v12.2.4
Impact
When specific requests are made to the Next.js server it can cause an
unhandledRejection
in the server which can crash the process to exit in specific Node.js versions with strictunhandledRejection
handling.Affected: All of the following must be true to be affected by this CVE
unhandledRejection
exitingNot affected: Deployments on Vercel (vercel.com) are not affected along with similar environments where
next-server
isn't being shared across requests.Patches
https://github.com/vercel/next.js/releases/tag/v12.2.4