IBM · IBM JVM · CVE-2003-0525
Name of the Vulnerable Software and Affected Versions:
Windows NT 4.0
Description:
The `getCanonicalPath` function may free memory that it does not own, causing heap corruption. This can lead to a denial of service (crash) when requests cause long file names to be passed to `getCanonicalPath`. The issue has been demonstrated on the IBM JVM by passing a long string to the `java.io.getCanonicalPath` Java method.
Recommendations:
For Windows NT 4.0, consider restricting the length of file names passed to the `getCanonicalPath` function to prevent heap corruption and denial of service attacks. As a temporary workaround, consider disabling the `getCanonicalPath` function until a patch is available.