Launch Week Day 1: Announcing Security Design Review

Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page

GHSA-qw96-mm2g-c8m7 · CVE-2018-18282

Published Oct 15, 2018 · Modified Nov 8, 2023

Description

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-18282
ADVISORY https://github.com/advisories/GHSA-qw96-mm2g-c8m7
PACKAGE https://github.com/zeit/next.js
WEB https://github.com/zeit/next.js/releases/tag/7.0.2

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes