CVE-2022-36046
First published: Wed Aug 31 2022(Updated: )
Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Vercel Next.js | =12.2.3 | |
| Nodejs Node.js | >=15.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-36046?
The severity of CVE-2022-36046 is medium with a severity value of 5.3.
What is affected by CVE-2022-36046?
Next.js version 12.2.3 and Node.js version above v15.0.0 with strict `unhandledRejection` exiting and using next start or a custom server are affected by CVE-2022-36046.
How can I fix CVE-2022-36046?
Update Next.js to version 12.2.4 or later.
Where can I find more information about CVE-2022-36046?
You can find more information about CVE-2022-36046 on the Next.js releases page (https://github.com/vercel/next.js/releases/tag/v12.2.4) and the Next.js security advisories page (https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3).
What is the CWE of CVE-2022-36046?
The CWE of CVE-2022-36046 is 754 and 248.
- collector/nvd-index
- vendor/vercel
- canonical/vercel next.js
- version/vercel next.js/12.2.3
- vendor/nodejs
- canonical/nodejs node.js
- version/nodejs node.js/15.0.0