CVE-2021-43803: Improper Input Validation
Next.js could crash the server when handling invalid or malformed URLs. Deployments on Vercel are not affected, nor are similar environments where invalid requests are filtered before reaching Next.js.
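The filtering described above (invalid requests stopped before they reach Next.js) can be sketched for a custom Node.js server as follows. This is an added example, not code from Next.js or from the advisory; the names `rejectReason` and `rejectMalformed`, the placeholder base host, and the definition of "malformed" used here (a target that is not origin-form, that the WHATWG URL parser rejects, that names another authority, or whose path percent-encoding does not decode) are assumptions, since the page does not say which inputs trigger the crash.

```javascript
// Added example: filter malformed request targets before they reach Next.js.
// Assumption: "malformed" means one of the cases checked below.
const BASE = 'http://placeholder.invalid'; // placeholder base, never contacted

// Returns null for an acceptable target, otherwise a short reason string.
function rejectReason(rawUrl) {
  // An origin server expects origin-form targets: "/path?query".
  if (typeof rawUrl !== 'string' || !rawUrl.startsWith('/')) {
    return 'not origin-form';
  }
  let parsed;
  try {
    parsed = new URL(rawUrl, BASE);
  } catch {
    return 'unparseable';
  }
  // "//host/path" parses as a network-path reference to another authority.
  if (parsed.origin !== BASE) return 'unexpected authority';
  try {
    // Throws URIError on truncated or invalid percent-escapes.
    decodeURIComponent(parsed.pathname);
  } catch {
    return 'bad percent-encoding';
  }
  return null;
}

// Wraps any (req, res) handler and answers 400 itself for rejected targets.
function rejectMalformed(handler) {
  return (req, res) => {
    if (rejectReason(req.url) !== null) {
      res.statusCode = 400;
      res.setHeader('Content-Type', 'text/plain');
      res.end('Bad Request');
      return undefined;
    }
    return handler(req, res);
  };
}

// Constructed sample targets, for illustration only.
for (const t of ['/about?x=1', '/caf%C3%A9', '/%', '//other.example/a', '*']) {
  console.log(JSON.stringify(t), '->', rejectReason(t) ?? 'ok');
}
```

In a custom server, the wrapped function is what gets passed to `http.createServer`, with the framework's request handler as the inner `handler`.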
References
- github.com/vercel/next.js/commit/6d98b4fb4315dec1badecf0e9bdc212a4272b264
- github.com/vercel/next.js/pull/32080
- github.com/vercel/next.js/releases/tag/v11.1.3
- github.com/vercel/next.js/releases/v12.0.5
- github.com/vercel/next.js/security/advisories/GHSA-25mp-g6fv-mqxx
- nvd.nist.gov/vuln/detail/CVE-2021-43803