High severity7.5NVD Advisory· Published Nov 17, 2017· Updated Jun 17, 2026
CVE-2017-16877
CVE-2017-16877
Description
ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nextnpm | >= 1.0.0, < 2.4.1 | 2.4.1 |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-3f5c-4qxj-vmpfghsaADVISORY
- github.com/zeit/next.js/releases/tag/2.4.1nvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-16877ghsaADVISORY
- github.com/vercel/next.js/commit/02fe7cf63f6265d73bdaf8bc50a4f2fb539dcd00nvdWEB
News mentions
0No linked articles in our index yet.