CVE-2017-16877

HIGH NUCLEI

Nextjs <2.4.1 - Local File Inclusion

Title source: nuclei

Description

ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.

Nuclei Templates (1)

Nextjs <2.4.1 - Local File Inclusion
HIGHby pikpikcu
Shodan: http.html:"/_next/static" || cpe:"cpe:2.3:a:zeit:next.js"
FOFA: body="/_next/static"

References (2)

Scores

CVSS v3 7.5
EPSS 0.8076
EPSS Percentile 99.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (2)
npm/next 1.0.0 - 2.4.1npm
zeit/next.js < 2.4.1
Published Nov 17, 2017
Tracked Since Feb 18, 2026