2 matches found
CVE-2020-5284 Directory Traversal in Next.js versions below 9.3.2
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory .next. This does not affect files outside of the dist directory .next. In general, the dist directory only holds build assets unless your applicatio...
CVE-2020-5284
Next.js versions before 9.3.2 are vulnerable to a local file traversal in the dist directory (.next). Attackers can craft HTTP requests to access files within dist/.next, potentially leading to information disclosure. The issue does not affect files outside dist/.next. A fix is available in Next....