EPSS
Percentile
29.3%
next is vulnerable to open redirection. An attacker can provide maliciously encoded URL with the trailing slash to redirect users to a malicious domain.
github.com/vercel/next.js/commit/489cad36bcc95f93ce012712369a83809e91956d
github.com/vercel/next.js/releases/tag/v9.5.4
github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435
github.com/zeit/next.js/releases/tag/v9.5.4