GHSA-wff4-fpwg-qqv3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wff4-fpwg-qqv3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/08/GHSA-wff4-fpwg-qqv3/GHSA-wff4-fpwg-qqv3.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wff4-fpwg-qqv3
- Aliases
- Published
- 2022-08-30T20:38:34Z
- Modified
- 2023-11-08T04:09:58.785797Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Unexpected server crash in Next.js
- Details
-
Impact
When specific requests are made to the Next.js server it can cause an
unhandledRejectionin the server which can crash the process to exit in specific Node.js versions with strictunhandledRejectionhandling.Affected: All of the following must be true to be affected by this CVE
- Node.js version above v15.0.0 being used with strict
unhandledRejectionexiting - Next.js version v12.2.3
- Using next start or a custom server
- Node.js version above v15.0.0 being used with strict
Not affected: Deployments on Vercel (vercel.com) are not affected along with similar environments where
next-serverisn't being shared across requests.
Patches
https://github.com/vercel/next.js/releases/tag/v12.2.4
- Database specific
{ "github_reviewed_at": "2022-08-30T20:38:34Z", "cwe_ids": [ "CWE-248", "CWE-754" ], "severity": "MODERATE", "github_reviewed": true, "nvd_published_at": "2022-08-31T19:15:00Z" }- References
Affected packages
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next