Next.js · Next.js · CVE-2022-21721
**Name of the Vulnerable Software and Affected Versions**
Next.js versions 12.0.0 through 12.0.8
**Description**
The issue allows a bad actor to trigger a denial of service attack against anyone using i18n functionality. To be affected, a deployment must use `next start` or a custom server together with the built-in i18n support. Deployments on Vercel, along with similar environments where invalid requests are filtered before reaching Next.js, are not affected.
**Recommendations**
For Next.js versions 12.0.0 through 12.0.8, upgrade to `next@12.0.9` to mitigate the issue.
As a temporary workaround, ensure `/${locale}/_next/` is blocked from reaching the Next.js instance until it becomes feasible to upgrade.
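
One way to apply the temporary workaround in front of a custom server, as an added example that is not code from Next.js or from the advisory: a filter that rejects `/${locale}/_next/` paths before they reach the Next.js request handler. The `LOCALES` list, the function names `shouldReject` and `guard`, and the choice to match case-insensitively and to refuse malformed percent-encoding are assumptions of this example.

```javascript
// Added example. LOCALES is a constructed sample and must mirror
// i18n.locales in the project's next.config.js.
const LOCALES = ['en-US', 'fr', 'nl-NL'];

// Returns true when the request must not be forwarded to Next.js:
// the path is /<configured locale>/_next/..., or it cannot be decoded.
function shouldReject(rawUrl, locales = LOCALES) {
  // Drop the query string and fragment; only the path is inspected.
  let path = String(rawUrl).split(/[?#]/, 1)[0];
  try {
    // Decode so that an encoded form such as %5Fnext is compared in plain text.
    path = decodeURIComponent(path);
  } catch {
    return true; // malformed percent-encoding: refuse rather than forward
  }
  // Treat backslashes as slashes and ignore empty segments (repeated slashes).
  const segments = path.replace(/\\/g, '/').split('/').filter(Boolean);
  if (segments.length < 2) return false;
  // Case-insensitive comparison is a conservative choice of this example.
  const known = new Set(locales.map((l) => l.toLowerCase()));
  return known.has(segments[0].toLowerCase()) &&
    segments[1].toLowerCase() === '_next';
}

// Wraps a Node (req, res) handler, for instance the one returned by
// app.getRequestHandler() in a custom server, and answers 404 itself
// for rejected paths so they never reach Next.js.
function guard(handler, locales = LOCALES) {
  return (req, res) => {
    if (shouldReject(req.url, locales)) {
      res.statusCode = 404;
      res.end('Not Found');
      return undefined;
    }
    return handler(req, res);
  };
}
```

For `next start` deployments the same path rule belongs in the reverse proxy or load balancer in front of the instance; remove the filter once the upgrade to `next@12.0.9` is in place.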