GitHub_MCVELIST:CVE-2020-5284CVE-2020-5284 Directory Traversal in Next.js versions below 9.3.2
4.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.7%
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
CNA Affected
[
{
"product": "next.js",
"vendor": "zeit",
"versions": [
{
"status": "affected",
"version": "< 9.3.2"
}
]
}
]Related
4.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
4.3 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
59.7%