ByteOS Network

NVD Vulnerability Details :

CVE-2021-43803

Analyzed

Source-security-advisories@github.com

Published At-10 Dec, 2021 | 00:15

Updated At-12 Mar, 2024 | 16:03

Next.js is a React framework. In versions of Next.js prior to 12.0.5 or 11.1.3, invalid or malformed URLs could lead to a server crash. In order to be affected by this issue, the deployment must use Next.js versions above 11.1.0 and below 12.0.5, Node.js above 15.0.0, and next start or a custom server. Deployments on Vercel are not affected, along with similar environments where invalid requests are filtered before reaching Next.js. Versions 12.0.5 and 11.1.3 contain patches for this issue.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary	2.0	4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:N/A:P

Type: Primary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Primary

Version: 2.0

Base score: 4.3

Base severity: MEDIUM

Vector:

AV:N/AC:M/Au:N/C:N/I:N/A:P

CPE Matches

Node.js (OpenJS Foundation)

>>node.js>>Versions after 15.0.0(exclusive)

cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*

vercel>>next.js>>Versions from 11.1.0(inclusive) to 11.1.3(exclusive)

cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*

vercel>>next.js>>Versions from 12.0.0(inclusive) to 12.0.5(exclusive)

cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov
CWE-20	Secondary	security-advisories@github.com

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-20

Type: Secondary