Nextjs <2.4.1 - Local File Inclusion

ZEIT Next.js before 2.4.1 is susceptible to local file inclusion via the /next and /static request namespace, allowing attackers to obtain sensitive information. id: CVE-2017-16877 info: name: Nextjs 2.4.1 - Local File Inclusion author: pikpikcu severity: high description: ZEIT Next.js before 2.4...

Zeit Next.js < 4.2.3 - Local File Inclusion

Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2018-6184 info: name: Zeit Next.js =4.2...

Next.js <9.3.2 - Local File Inclusion

Next.js versions before 9.3.2 are vulnerable to local file inclusion. An attacker can craft special requests to access files in the dist directory .next. This does not affect files outside of the dist directory .next. In general, the dist directory only holds build assets unless your application...

ZEIT Next.js Remote Code Execution Vulnerability

Next.js is a React framework for building full-stack web applications. ZEIT Next.js suffers from a remote code execution vulnerability that stems from Next.js versions 15.x and 16.x relying on a flawed React server-side DOM package when using App Router, which can be exploited by an attacker to...

EUVD-2001-1503

Malware in sbrugna...

zeit-raum.de Cross Site Scripting vulnerability OBB-3944586

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ZEIT Next.js 环境问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. An environmental issue vulnerability exists in ZEIT Next.js versions 13.4 through prior to 13.5.1 that stems from the presence of a response queue poisoning vulnerability...

ZEIT Next.js代码问题漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A code issue vulnerability exists in ZEIT Next.js versions 13.4 through prior to 14.1.1 that stems from the presence of a server-side request forgery SSRF vulnerability...

zeit-raum.de Cross Site Scripting vulnerability OBB-3895092

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ZEIT Next.js Security Vulnerability

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in versions prior to Next.js 13.4.20-canary.13 that stems from a missing cache control header, which can lead to a denial of service...

zeit-raum.de Cross Site Scripting vulnerability OBB-3409185

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ZEIT Next.js NextAuth.js Cross-Site Scripting Vulnerability

ZEIT Next.js is a ZEIT company based on Vue.js, Node.js, Webpack and Babel.js open source web application framework . NextAuth.js is Next.js authentication . ZEIT Next.js NextAuth.js suffers from a cross-site scripting vulnerability. The vulnerability stems from the program's lack of data...

ZEIT Next.js 安全漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the product's UI not restricting the display of critical information. An attacker could cause information leakage by...

ZEIT Next.js Cross-Site Scripting Vulnerability

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js versions 10.0.0 to 11.0.0 have a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary js commands...

ZEIT Next.js 跨站脚本漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. Next.js versions 10.0.0 to 11.0.0 have a cross-site scripting vulnerability that can be exploited by attackers to execute arbitrary js commands...

ZEIT Next.js Input Validation Error Vulnerability (CNVD-2021-61800)

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

ZEIT Next.js 输入验证错误漏洞

ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack, and Babel.js. ZEIT Next.js is vulnerable to an input validation error in versions prior to 11.1.0, which stems from a web system or product that does not properly validate input data. An attacker...

ZEIT Next.js Input Validation Error Vulnerability

ZEIT Next.js is a ZEIT company based on Vue.js, Node.js, Webpack and Babel.js open source Web application framework. An input validation error vulnerability exists in ZEIT Next.js. The vulnerability stems from a web system or product that does not properly validate input data. No detailed...

ZEIT Next.js path traversal vulnerability

ZEIT Next.js is a ZEIT company based on Vue.js, Node.js, Webpack and Babel.js open source Web application framework. A path traversal vulnerability exists in ZEIT Next.js versions prior to 9.3.2. The vulnerability stems from a failure of a web system or product to properly filter for special...

GHSA-FQ77-7P7R-83RJ Directory Traversal in Next.js

Impact - Not affected: Deployments on ZEIT Now v2 https://zeit.co are not affected - Not affected: Deployments using the serverless target - Not affected: Deployments using next export - Affected: Users of Next.js below 9.3.2 We recommend everyone to upgrade regardless of whether you can reproduc...