Version 0.0.3

nextjs

The fastest async handler in node.js

Install Instructions

npm install nextjs
Current Version Release Date December 14, 2013
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/nextjs@0.0.3

Find nextjs vulnerabilities in your supply chain.

Scan for Free

nextjs Vulnerabilities

Sort by
icon CVE (Latest)
  • icon CVE (Latest)
  • icon CVE (Oldest)
  • icon CVSS Score (Highest)
  • icon CVSS Score (Lowest)
CVE question mark icon CVSS Score question mark icon CWE(s) question mark icon EPSS Score question mark icon EPSS % question mark icon Impacted Versions
CVE-2020-5284 Medium 4.3 CWE-22 0.16648 0.96183
  • 0.0.1–0.0.3

nextjs Vulnerability Remediation Guidance

CVE Description Full list of Impacted Versions Fix
CVE-2020-5284 Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2. 0.0.2, 0.0.1, 0.0.3 Patch → NO_SAFE_VERSION

Instantly see if these nextjs vulnerabilities affect your code.

Scan for Free