CVE-2021-37699

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-37699

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37699.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-37699

Aliases

GHSA-vxf5-wxwp-m7g9

Related

GHSA-vxf5-wxwp-m7g9

Published

2021-08-12T00:15:06.997Z

Modified

2026-02-02T13:19:09.318707Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.

References

Affected packages

Git / github.com/vercel/next.js

Affected ranges

Type: GIT
Repo: https://github.com/vercel/next.js
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ce4adfc02d3532e2c62ed8088660df1655e66278

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37699.json"