Severity: moderate

Path Traversal



Versions of next prior to 9.3.2 are vulnerable to Path Traversal. The package failed to restrict access to arbitrary files inside the dist directory, which could be requested through specially crafted HTTP requests. It is not possible to access files outside of the dist directory.


Upgrade to version 9.3.2 or later.
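
To confirm that no copy of next older than 9.3.2 is still resolved in a project, the following added example (not part of the advisory or of Next.js) scans a parsed package-lock.json, covering both lockfile layouts and prerelease versions. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag resolved copies of `next` older than the fixed release.
const FIXED = "9.3.2"; // fixed version stated in the advisory

// Parse "MAJOR.MINOR.PATCH[-prerelease]"; returns null for git/file references.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?$/.exec(String(v).trim());
  return m ? { nums: [+m[1], +m[2], +m[3]], pre: m[4] || null } : null;
}

// true  -> version sorts before the fixed release (vulnerable)
// false -> fixed release or later
// null  -> not a plain semver string; review that entry manually
// A prerelease of the fixed version (9.3.2-canary.1) counts as prior to it.
function isVulnerable(version, fixed = FIXED) {
  const a = parseVersion(version), b = parseVersion(fixed);
  if (!a || !b) return null;
  for (let i = 0; i < 3; i++) {
    if (a.nums[i] !== b.nums[i]) return a.nums[i] < b.nums[i];
  }
  return a.pre !== null && b.pre === null;
}

// Collect every resolved copy of `next` from a parsed package-lock.json.
// Uses the flat "packages" map (lockfileVersion 2/3) when present, otherwise
// walks the nested "dependencies" tree (lockfileVersion 1).
function findNext(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/next$/.test(path)) found.push({ path, version: meta.version });
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "next") found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found.map((f) => ({ ...f, vulnerable: isVulnerable(f.version) }));
}

// Constructed sample lockfile (not from the advisory): one top-level copy
// below the fix and one nested copy at the fixed version.
const sampleLock = {
  lockfileVersion: 1,
  dependencies: {
    next: { version: "9.3.1" },
    "docs-site": { version: "1.0.0", dependencies: { next: { version: "9.3.2" } } },
  },
};
console.log(findNext(sampleLock));
```

Nested copies matter here: a transitive dependency can pin its own older next even after the top-level package is upgraded.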


Advisory timeline

  1. Published: Advisory Published, May 19th, 2020
  2. Reported: Reported by Luca Carettoni, Apr 6th, 2020