VulnerableCode Package Details - pkg:npm/next@0.2.7

Search for packages

Vulnerability	Summary	Fixed by
VCID-1q1j-qgqj-syhw Aliases: CVE-2017-16877 GHSA-3f5c-4qxj-vmpf	Path Traversal Next has directory traversal under the `/_next` and `/static` request namespace, allowing attackers to obtain sensitive information.	2.4.1 Affected by 8 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rx4e-7jj2-9udg Aliases: CVE-2023-46298 GHSA-c59h-r6p8-q9wc	Next.js missing cache-control header may lead to CDN caching empty reply Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.	13.4.20-canary.0 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 13.4.20-canary.13 Affected by 19 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 13.5.0 Affected by 17 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-1q1j-qgqj-syhw
Aliases:
CVE-2017-16877
GHSA-3f5c-4qxj-vmpf

Path Traversal Next has directory traversal under the `/_next` and `/static` request namespace, allowing attackers to obtain sensitive information.

2.4.1
Affected by 8 other vulnerabilities.

VCID-rx4e-7jj2-9udg
Aliases:
CVE-2023-46298
GHSA-c59h-r6p8-q9wc

Next.js missing cache-control header may lead to CDN caching empty reply Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

13.4.20-canary.0
Affected by 19 other vulnerabilities.

13.4.20-canary.13
Affected by 19 other vulnerabilities.

13.5.0
Affected by 17 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:41:28.855750+00:00	GitLab Importer	Affected by	VCID-rx4e-7jj2-9udg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2023-46298.yml	38.4.0
2026-04-16T20:40:18.328055+00:00	GitLab Importer	Affected by	VCID-1q1j-qgqj-syhw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2017-16877.yml	38.4.0
2026-04-12T00:01:00.149094+00:00	GitLab Importer	Affected by	VCID-rx4e-7jj2-9udg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2023-46298.yml	38.3.0
2026-04-11T21:51:01.936859+00:00	GitLab Importer	Affected by	VCID-1q1j-qgqj-syhw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2017-16877.yml	38.3.0
2026-04-03T00:04:02.467576+00:00	GitLab Importer	Affected by	VCID-rx4e-7jj2-9udg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2023-46298.yml	38.1.0
2026-04-02T22:04:52.840273+00:00	GitLab Importer	Affected by	VCID-1q1j-qgqj-syhw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2017-16877.yml	38.1.0
2026-04-01T16:21:49.979306+00:00	GitLab Importer	Affected by	VCID-1q1j-qgqj-syhw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/next/CVE-2017-16877.yml	38.0.0