CVE-2022-36046

EPSS 0.41%
Veröffentlicht 31.08.2022 19:15:08
Zuletzt bearbeitet 21.11.2024 07:12:15
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn't being shared across requests.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Vercel ≫ Next.Js Version12.2.3 SwPlatformnode.js

Nodejs ≫ Node.Js SwEdition- Version >= 15.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.609

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
security-advisories@github.com	5.3	1.6	3.6	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-248 Uncaught Exception

An exception is thrown from a function, but it is not caught.

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://github.com/vercel/next.js/releases/tag/v12.2.4

Third Party Advisory

Release Notes

https://github.com/vercel/next.js/security/advisories/GHSA-wff4-fpwg-qqv3

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-36046

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-36046

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-36046

EUVD