WEB APPLICATION VULNERABILITIES Standard & Premium

Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2017-16877)

Description

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

Remediation

References

Related Vulnerabilities

WordPress Plugin WishList Member X SQL Injection (3.25.1)

Oracle JRE CVE-2013-5838 Vulnerability (CVE-2013-5838)

MongoDb Incorrect Comparison Vulnerability (CVE-2019-20925)

WordPress Plugin Search Logger-Know What Your Visitors Search SQL Injection (0.9)

WordPress Plugin Easy Preloader Cross-Site Scripting (1.0.0)

Severity

High

Classification

CVE-2017-16877 CWE-22 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities