Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-43803


Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.


Published

2021-12-10T00:15:11.827

Last Modified

2024-11-21T06:29:49.447

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: PARTIAL
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-20
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vercel next.js < 11.1.3 Yes
Application vercel next.js < 12.0.5 Yes
Application nodejs node.js > 15.0.0 No

References