2 matches found
CVE-2020-5284
Next.js versions before 9.3.2 are vulnerable to a local file traversal in the dist directory (.next). Attackers can craft HTTP requests to access files within dist/.next, potentially leading to information disclosure. The issue does not affect files outside dist/.next. A fix is available in Next....
CVE-2017-16877
CVE-2017-16877 affects ZEIT/Next.js versions prior to 2.4.1. Multiple connected sources describe a directory traversal flaw in the "/_next" and "/static" namespaces that can allow an attacker to obtain sensitive information from the server. The issue is categorized with high severity in several f...