Severity: moderate

Path Traversal

next

Overview

Versions of next prior to 9.3.2 are vulnerable to Path Traversal. The package failed to restrict access to arbitrary files inside the dist directory, so those files could be retrieved through specially crafted HTTP requests. It is not possible to access files outside of the dist directory.

Remediation

Upgrade to version 9.3.2 or later.
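
To check a project against this remediation, the following added example (not part of the advisory or of the next project) scans a parsed package-lock.json for resolved copies of next below 9.3.2. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example, not from the advisory: flag `next` installs older than 9.3.2.
const FIXED = [9, 3, 2];

// True when a version string sorts before 9.3.2 under semver ordering.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(version).trim());
  if (!m) return true; // unparseable (git URL, tag): report for manual review
  const nums = [Number(m[1]), Number(m[2]), Number(m[3])];
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  // Same numbers as 9.3.2: a prerelease such as 9.3.2-canary.1 precedes the release.
  return Boolean(m[4]);
}

// Collect every resolved `next` entry, including copies nested under other packages.
// Handles lockfileVersion 2/3 ("packages" map) and version 1 (nested "dependencies").
function findNext(lock) {
  const hits = [];
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (path === 'node_modules/next' || path.endsWith('/node_modules/next')) {
      hits.push({ path, version: info.version });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const here = trail ? trail + ' > ' + name : name;
      if (name === 'next') hits.push({ path: here, version: info.version });
      walk(info.dependencies, here);
    }
  };
  // v2 lockfiles carry both sections; walk "dependencies" only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

function auditLock(lock) {
  return findNext(lock).filter((hit) => isAffected(hit.version));
}

// Constructed sample lockfile: one affected copy, one fixed copy, one look-alike name.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/next': { version: '9.3.1' },
    'node_modules/some-plugin/node_modules/next': { version: '9.3.2' },
    'node_modules/next-tick': { version: '1.1.0' },
  },
};
console.log(auditLock(sampleLock));
```

For a real project, pass the result of JSON.parse on the contents of package-lock.json to auditLock; an empty result means no resolved copy of next is below 9.3.2.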


Advisory timeline

  1. Advisory Published: May 19th, 2020
  2. Reported by Luca Carettoni: Apr 6th, 2020