Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-16877)

Description

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

Remediation

References

Related Vulnerabilities

Oracle Application Server CVE-2008-4017 Vulnerability (CVE-2008-4017)

Apache HTTP Server Out-of-bounds Read Vulnerability (CVE-2023-31122)

WordPress Plugin Question Answer Multiple Cross-Site Scripting Vulnerabilities (1.2.30)

WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)

Ruby Improper Input Validation Vulnerability (CVE-2017-6181)

Severity

High

Classification

CVE-2017-16877 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities