Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OTYtbW0yZy1jOG03

Moderate EPSS: 0.00268% (0.50268 Percentile) EPSS:
Permalink JSON

Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page

Affected Packages Affected Versions Fixed Versions
npm:next
PURL: pkg:npm/next
>= 7.0.0, < 7.0.2 7.0.2
8,463 Dependent packages
345,645 Dependent repositories
32,544,543 Downloads last month

Affected Version Ranges

All affected versions

7.0.0, 7.0.0-canary.0, 7.0.0-canary.1, 7.0.0-canary.2, 7.0.0-canary.3, 7.0.0-canary.4, 7.0.0-canary.5, 7.0.0-canary.6, 7.0.0-canary.7, 7.0.0-canary.8, 7.0.0-canary.9, 7.0.0-canary.10, 7.0.0-canary.11, 7.0.0-canary.12, 7.0.0-canary.13, 7.0.0-canary.14, 7.0.0-canary.15, 7.0.0-canary.16, 7.0.0-canary.18, 7.0.0-canary.19, 7.0.0-canary.20, 7.0.1, 7.0.1-canary.0, 7.0.1-canary.1, 7.0.1-canary.2, 7.0.1-canary.3, 7.0.1-canary.4, 7.0.1-canary.5, 7.0.1-canary.6

All unaffected versions

0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.2.2, 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9, 0.2.10, 0.2.11, 0.2.12, 0.2.13, 0.2.14, 0.3.0, 0.3.1, 0.3.2, 0.3.3, 0.4.0, 0.4.1, 0.9.9, 0.9.10, 0.9.11, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, 1.1.2, 1.2.0, 1.2.1, 1.2.2, 1.2.3, 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.3.0, 2.3.1, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.1.0, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 5.0.0, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.1.0, 6.1.1, 6.1.2, 7.0.2, 7.0.3, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.1.0, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 9.3.6, 9.4.0, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 9.5.5, 10.0.0, 10.0.1, 10.0.2, 10.0.3, 10.0.4, 10.0.5, 10.0.6, 10.0.7, 10.0.8, 10.0.9, 10.1.0, 10.1.1, 10.1.2, 10.1.3, 10.2.0, 10.2.1, 10.2.2, 10.2.3, 11.0.0, 11.0.1, 11.1.0, 11.1.1, 11.1.2, 11.1.3, 11.1.4, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.0.8, 12.0.9, 12.0.10, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.1.4, 12.1.5, 12.1.6, 12.2.0, 12.2.1, 12.2.2, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.3.0, 12.3.1, 12.3.2, 12.3.3, 12.3.4, 12.3.5, 12.3.6, 12.3.7, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.0.4, 13.0.5, 13.0.6, 13.0.7, 13.1.0, 13.1.1, 13.1.2, 13.1.3, 13.1.4, 13.1.5, 13.1.6, 13.2.0, 13.2.1, 13.2.2, 13.2.3, 13.2.4, 13.3.0, 13.3.1, 13.3.2, 13.3.3, 13.3.4, 13.4.0, 13.4.1, 13.4.2, 13.4.3, 13.4.4, 13.4.5, 13.4.6, 13.4.7, 13.4.8, 13.4.9, 13.4.10, 13.4.11, 13.4.12, 13.4.13, 13.4.15, 13.4.16, 13.4.17, 13.4.18, 13.4.19, 13.5.0, 13.5.1, 13.5.2, 13.5.3, 13.5.4, 13.5.5, 13.5.6, 13.5.7, 13.5.8, 13.5.9, 13.5.10, 13.5.11, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.1.0, 14.1.1, 14.1.2, 14.1.3, 14.1.4, 14.2.0, 14.2.1, 14.2.2, 14.2.3, 14.2.4, 14.2.5, 14.2.6, 14.2.7, 14.2.8, 14.2.9, 14.2.10, 14.2.11, 14.2.12, 14.2.13, 14.2.14, 14.2.15, 14.2.16, 14.2.17, 14.2.18, 14.2.19, 14.2.20, 14.2.21, 14.2.22, 14.2.23, 14.2.24, 14.2.25, 14.2.26, 14.2.27, 14.2.28, 14.2.29, 14.2.30, 15.0.0, 15.0.1, 15.0.2, 15.0.3, 15.0.4, 15.1.0, 15.1.1, 15.1.2, 15.1.3, 15.1.4, 15.1.5, 15.1.6, 15.1.7, 15.1.8, 15.2.0, 15.2.1, 15.2.2, 15.2.3, 15.2.4, 15.2.5, 15.3.0, 15.3.1, 15.3.2, 15.3.3, 15.3.4, 15.4.0

Next.js 7.0.0 and 7.0.1 has XSS via the 404 or 500 /_error page.

References:

Identifiers

GHSA-qw96-mm2g-c8m7

CVE-2018-18282

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00268

EPSS Percentile: 0.50268

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/zeit/next.js

Date and time

Published

about 7 years ago

Updated

almost 3 years ago

API

JSON