Skip to content

Directory Traversal in Next.js versions below 9.3.2

Moderate
timneutkens published GHSA-fq77-7p7r-83rj Mar 30, 2020

Package

npm next (npm)

Affected versions

< 9.3.2

Patched versions

9.3.2

Description

Impact

  • Not affected: Deployments on ZEIT Now v2 (https://zeit.co) are not affected
  • Not affected: Deployments using the serverless target
  • Not affected: Deployments using next export
  • Affected: Users of Next.js below 9.3.2

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/zeit/next.js/releases/tag/v9.3.2

References

https://github.com/zeit/next.js/releases/tag/v9.3.2

Severity

Moderate

CVE ID

CVE-2020-5284

Weaknesses

No CWEs