CVE-2021-43803
Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, nor are similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.
Published: 2021-12-10T00:15:11.827
Last Modified: 2024-11-21T06:29:49.447
Status: Modified
Source: [email protected]
Severity: CVSSv3.1: 7.5 (HIGH)
CVSSv2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
- Access Vector: NETWORK
- Access Complexity: MEDIUM
- Authentication: NONE
- Confidentiality Impact: NONE
- Integrity Impact: NONE
- Availability Impact: PARTIAL
Exploitability Score: 8.6
Impact Score: 2.9
Weaknesses
- CWE-20 (Type: Secondary)
- NVD-CWE-noinfo (Type: Primary)
Affected Vendors & Products
References
- https://github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264 (Patch, Third Party Advisory) ([email protected])
- https://github.com/vercel/next.js/pull/32080 (Patch, Third Party Advisory) ([email protected])
- https://github.com/vercel/next.js/releases/tag/v11.1.3 (Release Notes, Third Party Advisory) ([email protected])
- https://github.com/vercel/next.js/releases/v12.0.5 (Release Notes, Third Party Advisory) ([email protected])
- https://github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx (Patch, Third Party Advisory) ([email protected])