Launch Week Day 1: Announcing Security Design Review

Open Redirect in Next.js versions

GHSA-x56p-c8cg-q435 · CVE-2020-15242

Published Oct 8, 2020 · Modified Mar 13, 2026

Description

Impact

Affected: Users of Next.js between 9.5.0 and 9.5.3
Not affected: Deployments on Vercel (https://vercel.com) are not affected
Not affected: Deployments using next export

We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.

Patches

https://github.com/vercel/next.js/releases/tag/v9.5.4

References

https://github.com/vercel/next.js/releases/tag/v9.5.4

References

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes