Severity: moderate

    Path Traversal



    Versions of next prior to 9.3.2 are vulnerable to Path Traversal. The package failed to restrict access to arbitrary files inside the dist directory through specially-crafted HTTP requests. It is not possible to access files outside of the dist directory.


    Upgrade to version 9.3.2 or later.

    Have content suggestions? Visit

    Advisory timeline

    1. published

      Advisory Published
      May 19th, 2020
    2. reported

      Reported by Luca Carettoni
      Apr 6th, 2020