GHSA-fq77-7p7r-83rj
Suggest an improvement- Source
- https://github.com/advisories/GHSA-fq77-7p7r-83rj
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/03/GHSA-fq77-7p7r-83rj/GHSA-fq77-7p7r-83rj.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-fq77-7p7r-83rj
- Aliases
- Related
- Published
- 2020-03-30T20:40:50Z
- Modified
- 2025-09-26T17:49:56Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- Directory Traversal in Next.js
- Details
-
Impact
- Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
- Not affected: Deployments using the
serverlesstarget - Not affected: Deployments using
next export - Affected: Users of Next.js below 9.3.2
We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.
Patches
https://github.com/zeit/next.js/releases/tag/v9.3.2
References
https://github.com/zeit/next.js/releases/tag/v9.3.2
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-23" ], "nvd_published_at": null, "severity": "MODERATE", "github_reviewed_at": "2020-03-30T20:40:39Z" }- References
Affected packages
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next