Open Redirect

Affecting next package, versions <11.1.0

Overview

next is a React framework.

Affected versions of this package are vulnerable to Open Redirect. Specially encoded paths could be used when pages/_error.js was statically generated, allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users, though it can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain.

Remediation

Upgrade next to version 11.1.0 or higher.
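
One way to check a project against the affected range above, as an added example (not Snyk's or the Next.js project's code): it walks a parsed package-lock.json and flags every installed copy of next that sorts before 11.1.0. It assumes the npm lock-file layout and treats 11.1.0 prereleases as affected, following semver precedence; the function names and the sample lock data are constructed for illustration.

```javascript
// Added example: flag installs of `next` below the fixed release 11.1.0.
const FIXED = [11, 1, 0];

// Split "11.1.0-canary.3" into its numeric core and a prerelease flag.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(v).trim());
  if (!m) return null;
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) };
}

// True when the version sorts before 11.1.0 in semver precedence.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null; // unparseable (git URL, dist-tag): needs manual review
  for (let i = 0; i < 3; i++) {
    if (p.core[i] !== FIXED[i]) return p.core[i] < FIXED[i];
  }
  return p.pre; // assumption: 11.1.0-canary.N precedes 11.1.0, so it is flagged
}

// Walk a parsed lock file: v2/v3 "packages" map, or the v1 "dependencies" tree.
function findNext(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/next$/.test(path)) hits.push({ path, version: meta.version });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}/${name}`;
      if (name === "next") hits.push({ path: here, version: meta.version });
      walk(meta.dependencies, here); // nested copies pulled in transitively
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, affected: isAffected(h.version) }));
}

// Constructed sample lock data (not from a real project).
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo" },
    "node_modules/next": { version: "11.0.1" },
    "node_modules/widget/node_modules/next": { version: "11.1.0-canary.3" },
    "node_modules/other/node_modules/next": { version: "11.1.0" },
    "node_modules/next-tick": { version: "1.1.0" },
  },
};
console.table(findNext(sampleLock));
```

Nested copies matter here: upgrading the top-level dependency does not replace a vulnerable next pinned under another package's node_modules.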

CVSS Score

4.7 (medium severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N

Credit: Unknown
CVE: CVE-2021-37699
CWE: CWE-601
Snyk ID: SNYK-JS-NEXT-1540422
Disclosed: 12 Aug, 2021
Published: 12 Aug, 2021