2 matches found
5aces-client-web (>=1.0.1 <=1.0.6), @bani2812/teasilent (=1.1.4) +18 more potentially affected by CVE-2017-16877 via next (>=1.2.3 <=2.2.0)
next NPM version =1.2.3, =1.0.1, =0.0.109, =0.1.1, =0.0.3-beta.1, =0.6.0, =2.1.0, =0.1.5, =0.1.6 and more Source cves: CVE-2017-16877 Source advisory: OSV:GHSA-3F5C-4QXJ-VMPF...
CVE-2017-16877
CVE-2017-16877 affects ZEIT/Next.js versions prior to 2.4.1. Multiple connected sources describe a directory traversal flaw in the "/_next" and "/static" namespaces that can allow an attacker to obtain sensitive information from the server. The issue is categorized with high severity in several f...