Search
Find a vulnerability
Search criteria
8 vulnerabilities found for next.js by zeit
CVE-2020-5284 (GCVE-0-2020-5284)
Vulnerability from nvd – Published: 2020-03-30 20:40 – Updated: 2024-08-04 08:22
VLAI
EPSS
VEX
Title
Directory Traversal in Next.js versions below 9.3.2
Summary
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
Severity
4.4 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/zeit/next.js/security/advisori… | x_refsource_CONFIRM |
| https://github.com/zeit/next.js/releases/tag/v9.3.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/v9.3.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "next.js",
"vendor": "zeit",
"versions": [
{
"status": "affected",
"version": "\u003c 9.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T20:40:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeit/next.js/releases/tag/v9.3.2"
}
],
"source": {
"advisory": "GHSA-fq77-7p7r-83rj",
"discovery": "UNKNOWN"
},
"title": "Directory Traversal in Next.js versions below 9.3.2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5284",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal in Next.js versions below 9.3.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "next.js",
"version": {
"version_data": [
{
"version_value": "\u003c 9.3.2"
}
]
}
}
]
},
"vendor_name": "zeit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj",
"refsource": "CONFIRM",
"url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
},
{
"name": "https://github.com/zeit/next.js/releases/tag/v9.3.2",
"refsource": "MISC",
"url": "https://github.com/zeit/next.js/releases/tag/v9.3.2"
}
]
},
"source": {
"advisory": "GHSA-fq77-7p7r-83rj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5284",
"datePublished": "2020-03-30T20:40:11.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18282 (GCVE-0-2018-18282)
Vulnerability from nvd – Published: 2018-10-12 22:00 – Updated: 2024-09-16 16:33
VLAI
EPSS
VEX
Summary
Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/zeit/next.js/releases/tag/7.0.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/releases/tag/7.0.2",
"refsource": "MISC",
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18282",
"datePublished": "2018-10-12T22:00:00.000Z",
"dateReserved": "2018-10-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:33:11.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6184 (GCVE-0-2018-6184)
Vulnerability from nvd – Published: 2018-01-24 10:00 – Updated: 2024-08-05 05:54
VLAI
EPSS
VEX
Summary
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/zeit/next.js/releases/tag/4.2.3 | x_refsource_CONFIRM |
Date Public
2018-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:53.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/4.2.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeit/next.js/releases/tag/4.2.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/releases/tag/4.2.3",
"refsource": "CONFIRM",
"url": "https://github.com/zeit/next.js/releases/tag/4.2.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6184",
"datePublished": "2018-01-24T10:00:00.000Z",
"dateReserved": "2018-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:54:53.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16877 (GCVE-0-2017-16877)
Vulnerability from nvd – Published: 2017-11-17 17:00 – Updated: 2024-09-17 02:31
VLAI
EPSS
VEX
Summary
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public
2017-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/2.4.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T21:55:37.660Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zeit/next.js/releases/tag/2.4.1"
},
{
"url": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16877",
"datePublished": "2017-11-17T17:00:00.000Z",
"dateReserved": "2017-11-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:11.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5284 (GCVE-0-2020-5284)
Vulnerability from cvelistv5 – Published: 2020-03-30 20:40 – Updated: 2024-08-04 08:22
VLAI
EPSS
VEX
Title
Directory Traversal in Next.js versions below 9.3.2
Summary
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
Severity
4.4 (Medium)
CWE
- CWE-23 - Relative Path Traversal
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/zeit/next.js/security/advisori… | x_refsource_CONFIRM |
| https://github.com/zeit/next.js/releases/tag/v9.3.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:22:09.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/v9.3.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "next.js",
"vendor": "zeit",
"versions": [
{
"status": "affected",
"version": "\u003c 9.3.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-23",
"description": "CWE-23: Relative Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-30T20:40:11.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeit/next.js/releases/tag/v9.3.2"
}
],
"source": {
"advisory": "GHSA-fq77-7p7r-83rj",
"discovery": "UNKNOWN"
},
"title": "Directory Traversal in Next.js versions below 9.3.2",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2020-5284",
"STATE": "PUBLIC",
"TITLE": "Directory Traversal in Next.js versions below 9.3.2"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "next.js",
"version": {
"version_data": [
{
"version_value": "\u003c 9.3.2"
}
]
}
}
]
},
"vendor_name": "zeit"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-23: Relative Path Traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj",
"refsource": "CONFIRM",
"url": "https://github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rj"
},
{
"name": "https://github.com/zeit/next.js/releases/tag/v9.3.2",
"refsource": "MISC",
"url": "https://github.com/zeit/next.js/releases/tag/v9.3.2"
}
]
},
"source": {
"advisory": "GHSA-fq77-7p7r-83rj",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2020-5284",
"datePublished": "2020-03-30T20:40:11.000Z",
"dateReserved": "2020-01-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T08:22:09.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18282 (GCVE-0-2018-18282)
Vulnerability from cvelistv5 – Published: 2018-10-12 22:00 – Updated: 2024-09-16 16:33
VLAI
EPSS
VEX
Summary
Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/zeit/next.js/releases/tag/7.0.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.378Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T22:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/releases/tag/7.0.2",
"refsource": "MISC",
"url": "https://github.com/zeit/next.js/releases/tag/7.0.2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18282",
"datePublished": "2018-10-12T22:00:00.000Z",
"dateReserved": "2018-10-12T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:33:11.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-6184 (GCVE-0-2018-6184)
Vulnerability from cvelistv5 – Published: 2018-01-24 10:00 – Updated: 2024-08-05 05:54
VLAI
EPSS
VEX
Summary
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/zeit/next.js/releases/tag/4.2.3 | x_refsource_CONFIRM |
Date Public
2018-01-24 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:54:53.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/4.2.3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/zeit/next.js/releases/tag/4.2.3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/zeit/next.js/releases/tag/4.2.3",
"refsource": "CONFIRM",
"url": "https://github.com/zeit/next.js/releases/tag/4.2.3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-6184",
"datePublished": "2018-01-24T10:00:00.000Z",
"dateReserved": "2018-01-24T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:54:53.307Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-16877 (GCVE-0-2017-16877)
Vulnerability from cvelistv5 – Published: 2017-11-17 17:00 – Updated: 2024-09-17 02:31
VLAI
EPSS
VEX
Summary
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
Date Public
2017-11-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T20:35:21.292Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/zeit/next.js/releases/tag/2.4.1"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-11-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-07T21:55:37.660Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/zeit/next.js/releases/tag/2.4.1"
},
{
"url": "https://github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-16877",
"datePublished": "2017-11-17T17:00:00.000Z",
"dateReserved": "2017-11-17T00:00:00.000Z",
"dateUpdated": "2024-09-17T02:31:11.770Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}