Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Next.Js Security Vulnerabilities

cve
cve

CVE-2017-16877

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

7.5CVSS

7.4AI Score

0.003EPSS

2017-11-17 05:29 PM
44
cve
cve

CVE-2018-18282

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.

6.1CVSS

5.9AI Score

0.001EPSS

2018-10-12 10:29 PM
33
cve
cve

CVE-2018-6184

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.

7.5CVSS

7.5AI Score

0.004EPSS

2018-01-24 10:29 AM
33
cve
cve

CVE-2020-5284

Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your applicat...

4.4CVSS

4.2AI Score

0.166EPSS

2020-03-30 10:15 PM
123
3