Skip to main content

Improper Check for Unusual or Exceptional Conditions

CVE-2022-36046

Severity Medium
Score 5.3/10

Summary

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.1.1-canary.1 through 12.2.4-canary.3, Node.js version above version 15.0.0 being used with strict "unhandledRejection" exiting AND using next start or a custom server. Deployments on Vercel are not affected along with similar environments where "next-server" isn't being shared across requests.

  • HIGH
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • HIGH

CWE-754 - Improper Check for Unusual or Exceptional Conditions

The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the software.

Advisory Timeline

  • Published