Description

Next.js is a minimalistic framework for server-rendered React applications.

A directory traversal issue exists in Next.js versions lower than 2.4.1. This issue affects the /_next and /static request namespaces. An attacker can craft a request that accesses potentially sensitive information in your filesystem.

Remediation

Upgrade to the latest version of Next.js (this issue was fixed in Next.js version 2.4.1).
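
To review whether the affected namespaces were probed before the upgrade, the following added example (not code from Next.js or from this advisory) scans access-log lines for requests under /_next and /static that contain a ".." path segment after percent-decoding. The function names, the common-log-format assumption and the sample lines are constructed for illustration.

```javascript
// Added example. Namespaces come from the advisory; log lines are constructed.
const AFFECTED_PREFIXES = ['/_next', '/static'];

// Percent-decode a bounded number of times so double-encoded dot segments
// are compared in decoded form. Returns null on a malformed escape.
function fullyDecode(path, maxRounds = 3) {
  let current = path;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try { next = decodeURIComponent(current); } catch (e) { return null; }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Classify one request target: 'clean', 'traversal', 'malformed', 'out-of-scope'.
function classifyRequest(rawTarget) {
  const rawPath = rawTarget.split(/[?#]/)[0];
  const decoded = fullyDecode(rawPath);
  const path = (decoded === null ? rawPath : decoded).replace(/\\/g, '/');
  const inScope = AFFECTED_PREFIXES.some((p) => path === p || path.startsWith(p + '/'));
  if (!inScope) return 'out-of-scope';
  if (decoded === null) return 'malformed';
  // Only a whole ".." path segment counts; "file..name.txt" does not.
  return path.split('/').includes('..') ? 'traversal' : 'clean';
}

// Pull the request target out of common-log-format lines and keep the hits.
function scanLog(lines) {
  const hits = [];
  for (const line of lines) {
    const m = /"(?:GET|HEAD|POST) (\S+) HTTP\/[\d.]+"/.exec(line);
    if (!m) continue;
    const verdict = classifyRequest(m[1]);
    if (verdict === 'traversal' || verdict === 'malformed') {
      hits.push({ target: m[1], verdict });
    }
  }
  return hits;
}

const SAMPLE_LOG = [ // constructed sample lines, not real traffic
  '203.0.113.7 - - [01/Jun/2017:10:00:01 +0000] "GET /static/logo.png HTTP/1.1" 200 512',
  '203.0.113.9 - - [01/Jun/2017:10:00:02 +0000] "GET /static/../../private/config.json HTTP/1.1" 404 0',
  '203.0.113.9 - - [01/Jun/2017:10:00:03 +0000] "GET /_next/%252e%252e/private/config.json HTTP/1.1" 404 0',
  '203.0.113.9 - - [01/Jun/2017:10:00:04 +0000] "GET /docs/../index.html HTTP/1.1" 200 90',
];
console.log(scanLog(SAMPLE_LOG));
```

A hit shows that the namespace was probed; whether anything was exposed depends on whether the server was running a version lower than 2.4.1 at the time.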
