Vercel Next.js 9.5.3 Canary 26 for Node.js

CPE Details

Vercel Next.js 9.5.3 Canary 26 for Node.js
vercel
next.js
9.5.3
2020-12-03
11h50 +00:00
2020-12-03
11h50 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:vercel:next.js:9.5.3:canary26:*:*:*:node.js:*:*

Informations

Vendor

vercel

Product

next.js

Version

9.5.3

Update

canary26

Target Software

node.js

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-46298 2023-10-21 22h00 +00:00 Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
7.5
High
CVE-2020-15242 2020-10-08 17h50 +00:00 Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect. Specially encoded paths could be used with the trailing slash redirect to allow an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attackers domain from a trusted domain. The issue is fixed in version 9.5.4.
6.1
Medium