GMS-2022-3782: Duplicate of ./npm/next/CVE-2022-36046.yml
Impact
When specific requests are made to the Next.js server, they can cause an unhandledRejection in the server, which can crash the process in specific Node.js versions with strict unhandledRejection handling.
Affected: All of the following must be true to be affected by this CVE:
- Node.js version above v15.0.0 being used with strict unhandledRejection exiting
- Next.js version v12.2.3
- Using next start or a custom server
Not affected: Deployments on Vercel (vercel.com) are not affected, along with similar environments where next-server isn't being shared across requests.
Patches
https://github.com/vercel/next.js/releases/tag/v12.2.4
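The "Affected" conditions above can be evaluated per deployment, including how Node.js resolves its `--unhandled-rejections` mode. This is an added example, not code from Next.js or from this advisory. The function names, the `longLivedServer` input and the sample deployments are assumptions, and v15.0.0 itself is treated as in scope as a conservative reading.

```javascript
// Added example: evaluates the "Affected" conditions of this advisory.
// Function names and the sample deployments are constructed for illustration.

// Effective --unhandled-rejections mode; CLI flags override NODE_OPTIONS.
function rejectionMode(nodeMajor, execArgv, nodeOptions) {
  const args = [...nodeOptions.split(/\s+/), ...execArgv];
  let mode = nodeMajor >= 15 ? 'throw' : 'warn'; // Node.js default changed in v15
  for (let i = 0; i < args.length; i++) {
    const m = /^--unhandled-rejections(?:=(.+))?$/.exec(args[i]);
    if (m) mode = m[1] || args[++i] || mode; // "--flag=mode" or "--flag mode"
  }
  return mode;
}

// Does an unhandled rejection terminate the process in this mode?
function exitsOnUnhandledRejection(mode, hasHandler) {
  if (mode === 'strict') return true;       // always raised as an uncaught exception
  if (mode === 'throw') return !hasHandler; // raised only without an 'unhandledRejection' listener
  return false;                             // warn, warn-with-error-code, none: keeps running
}

// longLivedServer: true for `next start` or a custom server (assumption: set by the caller).
function assess({ nodeVersion, nextVersion, execArgv = [], nodeOptions = '',
                  hasHandler = false, longLivedServer = true }) {
  const nodeMajor = parseInt(nodeVersion.replace(/^v/, ''), 10);
  const mode = rejectionMode(nodeMajor, execArgv, nodeOptions);
  const node = nodeMajor >= 15 && exitsOnUnhandledRejection(mode, hasHandler);
  const next = nextVersion === '12.2.3'; // fixed in v12.2.4
  return { mode, node, next, longLivedServer, affected: node && next && longLivedServer };
}

// Constructed sample deployments.
const samples = [
  { nodeVersion: 'v16.16.0', nextVersion: '12.2.3' },
  { nodeVersion: 'v16.16.0', nextVersion: '12.2.3', nodeOptions: '--unhandled-rejections=warn' },
  { nodeVersion: 'v16.16.0', nextVersion: '12.2.3', hasHandler: true },
  { nodeVersion: 'v16.16.0', nextVersion: '12.2.3', hasHandler: true,
    execArgv: ['--unhandled-rejections', 'strict'] },
  { nodeVersion: 'v18.7.0', nextVersion: '12.2.4' },
];
for (const s of samples) console.log(JSON.stringify(s), '=>', assess(s).affected);
```

For a real process, pass `process.version`, `process.execArgv`, `process.env.NODE_OPTIONS || ''` and `process.listenerCount('unhandledRejection') > 0`, evaluated after the server has registered its handlers.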