Affecting next package, versions <2.4.1 || >=3.0.0-beta1 <3.0.0-beta7
next is Minimalistic framework for server-rendered React applications.
Affected versions of the package are vulnerable to Directory Traversal via the
/static request namespaces. An attacker can craft a request that may potentially access sensitive information in the server filesystem.
next to version 2.4.1 or higher.
Do your applications use this vulnerable package?
- Snyk ID
- 31 May, 2017
- 12 Jun, 2017