ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
7.5CVSS
7.4AI Score
0.003EPSS
6.1CVSS
5.9AI Score
0.001EPSS
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
7.5CVSS
7.5AI Score
0.004EPSS
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your applicat...
4.4CVSS
4.2AI Score
0.166EPSS