Open Redirection

2020-10-0900:40:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

open redirection

vulnerable

malicious domain

software

EPSS

0.001

Percentile

29.3%

JSON

next is vulnerable to open redirection. An attacker can provide maliciously encoded URL with the trailing slash to redirect users to a malicious domain.

References

github.com/vercel/next.js/commit/489cad36bcc95f93ce012712369a83809e91956d

github.com/vercel/next.js/releases/tag/v9.5.4

github.com/vercel/next.js/security/advisories/GHSA-x56p-c8cg-q435

github.com/zeit/next.js/releases/tag/v9.5.4

EPSS

0.001

Percentile

29.3%

JSON

Related for VERACODE:27551