next is a react framwork.
Affected versions of this package are vulnerable to Open Redirect. Specially encoded paths could be used when
pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users, though it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.
next to version 11.1.0 or higher.