CVE-2020-15242

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-15242
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15242.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-15242
Aliases
Related
Published
2020-10-08T20:15:19.493Z
Modified
2026-04-10T04:22:53.449682Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4.

References

Affected packages

Git / github.com/vercel/next.js

Affected ranges

Type
GIT
Repo
https://github.com/vercel/next.js
Events
Introduced
d33dbea8dc684003a8d7babce58b60140089c6e1
Fixed
658810815035e55a7031f27c5a6f3c01baa31ccf
Database specific 
{
    "versions": [
        {
            "introduced": "9.5.0"
        },
        {
            "fixed": "9.5.4"
        }
    ]
}

Affected versions

v9.*
v9.5.0
v9.5.1
v9.5.1-canary.0
v9.5.1-canary.1
v9.5.1-canary.2
v9.5.1-canary.3
v9.5.2
v9.5.2-canary.0
v9.5.2-canary.1
v9.5.2-canary.10
v9.5.2-canary.11
v9.5.2-canary.12
v9.5.2-canary.13
v9.5.2-canary.14
v9.5.2-canary.15
v9.5.2-canary.16
v9.5.2-canary.17
v9.5.2-canary.18
v9.5.2-canary.2
v9.5.2-canary.3
v9.5.2-canary.4
v9.5.2-canary.5
v9.5.2-canary.6
v9.5.2-canary.7
v9.5.2-canary.8
v9.5.2-canary.9
v9.5.3
v9.5.3-canary.0
v9.5.3-canary.1
v9.5.3-canary.10
v9.5.3-canary.11
v9.5.3-canary.12
v9.5.3-canary.13
v9.5.3-canary.14
v9.5.3-canary.15
v9.5.3-canary.16
v9.5.3-canary.17
v9.5.3-canary.18
v9.5.3-canary.19
v9.5.3-canary.2
v9.5.3-canary.20
v9.5.3-canary.21
v9.5.3-canary.22
v9.5.3-canary.23
v9.5.3-canary.24
v9.5.3-canary.25
v9.5.3-canary.26
v9.5.3-canary.27
v9.5.3-canary.3
v9.5.3-canary.4
v9.5.3-canary.5
v9.5.3-canary.6
v9.5.3-canary.7
v9.5.3-canary.8
v9.5.3-canary.9
v9.5.4-canary.0
v9.5.4-canary.1
v9.5.4-canary.10
v9.5.4-canary.11
v9.5.4-canary.12
v9.5.4-canary.13
v9.5.4-canary.14
v9.5.4-canary.15
v9.5.4-canary.16
v9.5.4-canary.17
v9.5.4-canary.18
v9.5.4-canary.19
v9.5.4-canary.2
v9.5.4-canary.20
v9.5.4-canary.21
v9.5.4-canary.22
v9.5.4-canary.23
v9.5.4-canary.24
v9.5.4-canary.25
v9.5.4-canary.3
v9.5.4-canary.4
v9.5.4-canary.5
v9.5.4-canary.6
v9.5.4-canary.7
v9.5.4-canary.8
v9.5.4-canary.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15242.json"