Next.js Security Vulnerabilities and Issues — Next.js CVE List | Vulners.com

Lucene search

K

ZeitNext.js

4 matches found

CVE•added 2020/03/30 10:15 p.m.•146 views

CVE-2020-5284

Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your applicat...

5CVSS4.2AI score0.77318EPSS

CVE•added 2017/11/17 5:29 p.m.•77 views

CVE-2017-16877

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

7.5CVSS7.4AI score0.83198EPSS

CVE•added 2018/01/24 10:29 a.m.•67 views

CVE-2018-6184

ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.

7.5CVSS7.5AI score0.50169EPSS

CVE•added 2018/10/12 10:29 p.m.•40 views

CVE-2018-18282

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.

6.1CVSS5.9AI score0.00276EPSS