CVSS: 5.0EPSS: 77%CPEs: 1EXPL: 0CVE-2020-5284 – Directory Traversal in Next.js versions below 9.3.2
https://notcve.org/view.php?id=CVE-2020-5284
30 Mar 2020 — Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. • https://github.com/zeit/next.js/releases/tag/v9.3.2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2018-18282
https://notcve.org/view.php?id=CVE-2018-18282
12 Oct 2018 — Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page. Next.js 7.0.0 y 7.0.1 tiene Cross-Site Scripting (XSS) mediante las páginas /_error 404 o 500. • https://github.com/ossf-cve-benchmark/CVE-2018-18282 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 50%CPEs: 17EXPL: 1CVE-2018-6184
https://notcve.org/view.php?id=CVE-2018-6184
24 Jan 2018 — ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace. ZEIT Next.js 4 en versiones anteriores a la 4.2.3 tiene un salto de directorio bajo el espacio de nombre de petición /_next. • https://github.com/ossf-cve-benchmark/CVE-2018-6184 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 83%CPEs: 1EXPL: 1CVE-2017-16877
https://notcve.org/view.php?id=CVE-2017-16877
17 Nov 2017 — ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information. ZEIT Next.js en versiones anteriores a la 2.4.1 contiene salto de directorio en el espacio de nombre de petición /_next y /static, lo que permite que los atacantes obtengan información sensible. • https://github.com/ossf-cve-benchmark/CVE-2017-16877 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •