CVSS: 7.5EPSS: 0%CPEs: 14EXPL: 1CVE-2023-46298
https://notcve.org/view.php?id=CVE-2023-46298
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Next.js anterior a 13.4.20-canary.13 carece de un encabezado de control de caché y, por lo tanto, a veces una CDN puede almacenar en caché respuestas de captación previa vacías, lo que provoca una denegación de servicio a todos los usuarios que solicitan la misma URL a través de esa CDN. • https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 https://github.com/vercel/next.js/issues/45301 https://github.com/vercel/next.js/pull/54732 •
CVSS: 5.0EPSS: 16%CPEs: 1EXPL: 0CVE-2020-5284 – Directory Traversal in Next.js versions below 9.3.2
https://notcve.org/view.php?id=CVE-2020-5284
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. • https://github.com/zeit/next.js/releases/tag/v9.3.2 https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16877
https://notcve.org/view.php?id=CVE-2017-16877
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. ZEIT Next.js en versiones anteriores a la 2.4.1 contiene salto de directorio en el espacio de nombre de petición /_next y /static, lo que permite que los atacantes obtengan información sensible. • https://github.com/ossf-cve-benchmark/CVE-2017-16877 https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00 https://github.com/zeit/next.js/releases/tag/2.4.1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •