Next.js < 9.3.2 Path Traversal

medium Web App Scanning Plugin ID 112716

Language:

Synopsis

Next.js < 9.3.2 Path Traversal

Description

Versions of the Next.js framework before version 9.3.2 suffer from a vulnerability allowing an attacker, via a specially forged request, to access arbitrary files in the folder ".next".

This vulnerability does not affect files outside the folder ".next".

In general, the ".next" directory only holds build assets.

This issue is fixed in version 9.3.2

Solution

Upgrade to Next.js version 9.3.2 or later.

See Also

https://github.com/vercel/next.js/releases/tag/v9.3.2

https://github.com/vercel/next.js/security/advisories/GHSA-fq77-7p7r-83rj

Plugin Details

Severity: Medium

ID: 112716

Type: remote

Family: Component Vulnerability

Published: 3/10/2021

Updated: 9/7/2021

Scan Template: api, basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2020-5284

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: CVE-2020-5284

Vulnerability Information

CPE: cpe:2.3:a:zeit:next.js:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 3/30/2020

Reference Information

CVE: CVE-2020-5284

CWE: 22, 23

OWASP: 2010-A4, 2013-A4, 2013-A9, 2017-A5, 2017-A9, 2021-A1, 2021-A6

WASC: Path Traversal

CAPEC: 126, 64, 76, 78, 79

DISA STIG: APSC-DV-002560, APSC-DV-002630

HIPAA: 164.306(a)(1), 164.306(a)(2)

ISO: 27001-A.14.2.5

NIST: sp800_53-CM-6b, sp800_53-SI-10

OWASP API: 2019-API7, 2023-API8

OWASP ASVS: 4.0.2-12.3.1, 4.0.2-14.2.1

PCI-DSS: 3.2-6.2, 3.2-6.5.8