Description

Next.js versions before 9.3.2 are vulnerable to Path Traversal (directory traversal). An attacker could craft special requests to read files inside the dist directory (.next). Files outside the dist directory (.next) are not affected.

In general, directory traversal vulnerabilities let an attacker read files on the server filesystem that were never meant to be served, which can expose sensitive information such as configuration files, user data or other system files. With access to system data, credentials or secret keys, an attacker can go on to a broad range of further attacks, including privilege escalation, data theft or unauthorized system access. In this case the reachable files are limited to the contents of the dist directory, as noted above.

Remediation

Update to version 9.3.2 or later: patched versions of Next.js have been released to address this vulnerability.
