Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-wff4-fpwg-qqv3

GitHub Security Advisory

Unexpected server crash in Next.js

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

### Impact

When specific requests are made to the Next.js server it can cause an `unhandledRejection` in the server which can crash the process to exit in specific Node.js versions with strict `unhandledRejection` handling.

- Affected: All of the following must be true to be affected by this CVE
- Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting
- Next.js version v12.2.3
- Using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server)

- Not affected: Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.

### Patches
https://github.com/vercel/next.js/releases/tag/v12.2.4

Affected Packages

npm next
Affected versions: 12.2.3 (fixed in 12.2.4)

Related CVEs

CVE-2022-36046

Key Information

GHSA ID
GHSA-wff4-fpwg-qqv3
Published
August 30, 2022 8:38 PM
Last Modified
September 8, 2022 2:17 PM
CVSS Score
5.0 /10
Primary Ecosystem
npm
Primary Package
next
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 4, 2025 6:27 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.