PT-2022-23140 · Next.js

Ijjk · Published 2022-08-30 · Updated 2022-09-07 · CVE-2022-36046

CVSS v3.1: 5.3 Medium
Vector: AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Next.js version 12.2.3

Description

The issue affects Next.js when it is used with Node.js versions above v15.0.0 and strict unhandledRejection exiting, and when using next start or a custom server. Specific requests to the Next.js server can cause an unhandledRejection in the server, leading to a process crash. Deployments on Vercel and similar environments where next-server isn't shared across requests are not affected.

Recommendations

For Next.js version 12.2.3, update to version 12.2.4 or later to resolve the issue. As a temporary workaround, consider disabling the use of next start or custom servers until the update is applied. Restrict access to the custom server to minimize the risk of exploitation. Avoid using Node.js versions above v15.0.0 with strict unhandledRejection exiting until the issue is resolved.

Exploit

Fix

Weakness Enumeration

Improper Check for Exceptional Conditions

Related Identifiers

CVE-2022-36046
GHSA-WFF4-FPWG-QQV3

Affected Products

Next.js
Node.js