Next.js

next.js

Vendor: Zeit • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2020-5284 1Zeit 1Next.js Nov 21, 2024 Mar 30, 2020 N/A· v4 4.3 MEDIUM· v3 5.0 MEDIUM· v2 Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.nex...Show more Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.Show less
CVE-2018-18282 1Zeit 1Next.js Nov 21, 2024 Oct 12, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.
CVE-2018-6184 1Zeit 1Next.js Nov 21, 2024 Jan 24, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
CVE-2017-16877 1Zeit 1Next.js May 13, 2026 Nov 17, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.