CVE-2017-16877
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-16877
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-16877.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2017-16877
- Aliases
- Withdrawn
- 2025-05-24T03:59:44.382124Z
- Published
- 2017-11-17T17:29:00Z
- Modified
- 2025-04-20T06:11:14.427517Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
- References
Affected packages
Git / github.com/vercel/next.js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vercel/next.js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
- Type
- GIT
- Repo
- https://github.com/zeit/next.js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
1.*
1.0.0
1.0.1
1.0.2
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
2.*
2.0.0
2.0.0-beta.0
2.0.0-beta.1
2.0.0-beta.10
2.0.0-beta.11
2.0.0-beta.12
2.0.0-beta.13
2.0.0-beta.14
2.0.0-beta.15
2.0.0-beta.16
2.0.0-beta.17
2.0.0-beta.18
2.0.0-beta.19
2.0.0-beta.2
2.0.0-beta.20
2.0.0-beta.21
2.0.0-beta.22
2.0.0-beta.23
2.0.0-beta.24
2.0.0-beta.25
2.0.0-beta.26
2.0.0-beta.27
2.0.0-beta.28
2.0.0-beta.29
2.0.0-beta.3
2.0.0-beta.30
2.0.0-beta.31
2.0.0-beta.32
2.0.0-beta.33
2.0.0-beta.34
2.0.0-beta.35
2.0.0-beta.36
2.0.0-beta.37
2.0.0-beta.38
2.0.0-beta.39
2.0.0-beta.4
2.0.0-beta.40
2.0.0-beta.41
2.0.0-beta.42
2.0.0-beta.5
2.0.0-beta.6
2.0.0-beta.7
2.0.0-beta.8
2.0.0-beta.9
2.0.1
2.1.0
2.1.1
2.2.0
2.3.0
2.3.1
2.3.2
2.4.0