Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejsAnonymousNODEJS:1778
HistoryAug 12, 2021 - 2:51 p.m.

Open Redirect in Next.js

2021-08-1214:51:58
Anonymous
www.npmjs.com
63
JSON

Overview

In next (aka Next.js) before version 11.1.0 there is an Open Redirect vulnerability.

Impact

  • Affected: Users of Next.js between 10.0.5 and 10.2.0
  • Affected: Users of Next.js between 11.0.0 and 11.0.1 using pages/_error.js without getInitialProps
  • Affected: Users of Next.js between 11.0.0 and 11.0.1 using pages/_error.js and next export
  • Not affected: Deployments on Vercel (vercel.com) are not affected
  • Not affected: Deploymentswith pages/404.js

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/vercel/next.js/releases/tag/v11.1.0

Recommendation

Upgrade to version 11.1.0 or later

References

CPENameOperatorVersion
nextlt11.1.0

Related

cve 1
osv 2
cnvd 1
cvelist 1
prion 1
github 1
ibm 2
cve
cve
CVE-2021-37699
2021-08-12 00:15:00
osv
osv
Open Redirect in Next.js
2021-08-12 14:51:14
CVE-2021-37699
2021-08-12 00:15:06
cnvd
cnvd
ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)
2021-08-12 00:00:00
cvelist
cvelist
CVE-2021-37699 Open Redirect in Next.js versions below 11.1.0
2021-08-11 23:15:10
prion
prion
Open redirect
2021-08-12 00:15:00
github
github
Open Redirect in Next.js
2021-08-12 14:51:14
ibm
ibm
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
2023-08-31 10:37:02
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
2022-04-01 16:38:26
JSON
Related for NODEJS:1778
cve1osv2cnvd1cvelist1prion1github1ibm2