CVE-2021-37699
Summary
| CVE | CVE-2021-37699 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-08-12 00:15:00 UTC |
| Updated | 2021-08-20 12:46:00 UTC |
| Description | Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0. |
Risk And Classification
Problem Types: CWE-601
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Release v11.1.0 · vercel/next.js · GitHub | MISC | github.com | |
| Open Redirect in Next.js versions below 11.1.0 · Advisory · vercel/next.js · GitHub | CONFIRM | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 981453 Nodejs (npm) Security Update for next (GHSA-vxf5-wxwp-m7g9)