=====================================================================

                                  CERT-Renater

                      Note d'Information No. 2022/VULN311

_____________________________________________________________________

DATE                : 01/09/2022

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Next.js versions prior to 12.2.4.

=====================================================================
https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3
_____________________________________________________________________


Unexpected server crash in Next.js version 12.2.3

Moderate
ijjk published GHSA-wff4-fpwg-qqv3 Aug 24, 2022


Package
next (npm)

Affected versions
12.2.3
Patched versions
12.2.4


Description

Impact

When specific requests are made to the Next.js server it can cause
an unhandledRejection in the server which can crash the process to
exit in specific Node.js versions with strict unhandledRejection
handling.

     Affected: All of the following must be true to be affected 
       by this CVE
         Node.js version above v15.0.0 being used with strict 
unhandledRejection exiting
         Next.js version v12.2.3
         Using next start or a custom server

     Not affected: Deployments on Vercel (vercel.com) are not
     affected along with similar environments where next-server
     isn't being shared across requests.


Patches

https://github.com/vercel/next.js/releases/tag/v12.2.4


Severity
Moderate

CVE ID
CVE-2022-36046

Weaknesses
No CWEs


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================