Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2021-37699
HistoryAug 12, 2021 - 12:15 a.m.

CVE-2021-37699

2021-08-1200:15:06
CWE-601
[email protected]
web.nvd.nist.gov
6
next.js
open redirect
pages/_error.js
website development framework
react library
affected versions
static generation
phishing attacks
upgrade recommendation
patched release

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.3%

JSON

Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker’s domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.

Affected configurations

Nvd
Node
vercelnext.jsRange10.0.510.2.0node.js
OR
vercelnext.jsRange11.0.011.0.1node.js

Related

cve 1
nodejs 1
osv 2
cnvd 1
cvelist 1
prion 1
github 1
ibm 2
cve
cve
CVE-2021-37699
2021-08-12 00:15:06
nodejs
nodejs
Open Redirect in Next.js
2021-08-12 14:51:58
osv
osv
Open Redirect in Next.js
2021-08-12 14:51:14
CVE-2021-37699
2021-08-12 00:15:06
cnvd
cnvd
ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)
2021-08-12 00:00:00
cvelist
cvelist
CVE-2021-37699 Open Redirect in Next.js versions below 11.1.0
2021-08-11 23:15:10
prion
prion
Open redirect
2021-08-12 00:15:00
github
github
Open Redirect in Next.js
2021-08-12 14:51:14
ibm
ibm
Security Bulletin: IBM QRadar User Behavior Analytics is vulnerable to components with known vulnerabilities
2023-08-31 10:37:02
Security Bulletin: Cloud Pak for Security contains packages that have multiple vulnerabilities
2022-04-01 16:38:26

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

29.3%

JSON
Related for NVD:CVE-2021-37699
cve1nodejs1osv2cnvd1cvelist1prion1github1ibm2