Severity: moderate

    Path Traversal

    next

    Overview

    Versions of next prior to 9.3.2 are vulnerable to Path Traversal. The package failed to restrict access to arbitrary files inside the dist directory through specially-crafted HTTP requests. It is not possible to access files outside of the dist directory.

    Remediation

    Upgrade to version 9.3.2 or later.
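To confirm the upgrade took effect everywhere, the following added example (not code from npm or from the next project) walks a parsed package-lock.json and flags every resolved copy of next that sorts before 9.3.2, including nested copies pulled in by other packages. The sample lockfiles and the package names in them are constructed, and treating a 9.3.2 prerelease as prior to 9.3.2 is an assumption based on semver ordering.

```javascript
// Added example (not npm's or Next.js's code): find `next` installs older than 9.3.2.
const FIXED = [9, 3, 2]; // fixed release named in the advisory
// true = prior to 9.3.2, false = 9.3.2 or later, null = not a plain semver string.
function isAffected(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$/.exec(version || "");
  if (!m) return null;
  for (let i = 0; i < 3; i++) {
    const n = Number(m[i + 1]);
    if (n !== FIXED[i]) return n < FIXED[i];
  }
  // Assumption: a prerelease such as 9.3.2-canary.1 sorts before 9.3.2 (semver order).
  return Boolean(m[4]);
}

// Return every resolved copy of `next` recorded in a parsed package-lock.json.
function findNext(lock) {
  const hits = [];
  const add = (path, meta) =>
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "node_modules/next" || path.endsWith("/node_modules/next")) add(path, meta);
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "next") add(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfiles (hypothetical project and package names).
const SAMPLE_V2 = { lockfileVersion: 2, packages: {
  "": { name: "demo-app" },
  "node_modules/next": { version: "9.3.2" },
  "node_modules/demo-plugin/node_modules/next": { version: "9.1.4" },
  "node_modules/@demo/next": { version: "1.0.0" } } };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  next: { version: "9.3.1" },
  "demo-plugin": { version: "2.0.0", dependencies: { next: { version: "9.3.2-canary.1" } } } } };
for (const hit of [...findNext(SAMPLE_V2), ...findNext(SAMPLE_V1)]) console.log(hit);
```

For a real project, pass `JSON.parse` of the lockfile contents to `findNext`; an `affected` value of `null` means the version field was not a plain semver string and needs a manual look.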

    Advisory timeline

    1. Advisory Published: May 19th, 2020
    2. Reported by Luca Carettoni: Apr 6th, 2020