Medium severity4.4NVD Advisory· Published Mar 30, 2020· Updated Jun 17, 2026
CVE-2020-5284
CVE-2020-5284
Description
Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nextnpm | >= 0.9.9, < 9.3.2 | 9.3.2 |
Affected products
2Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-fq77-7p7r-83rjghsaADVISORY
- github.com/zeit/next.js/security/advisories/GHSA-fq77-7p7r-83rjnvdThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2020-5284ghsaADVISORY
- github.com/zeit/next.js/releases/tag/v9.3.2nvdRelease NotesWEB
- www.npmjs.com/advisories/1503ghsaWEB
News mentions
0No linked articles in our index yet.