Launch Week Day 1: Announcing Security Design Review
Start for Free
HIGH 7.5 npm

Next.js Directory Traversal Vulnerability

GHSA-3f5c-4qxj-vmpf · CVE-2017-16877

Published · Modified

Description

Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes