Vercel · Next.Js · CVE-2017-16877
**Name of the Vulnerable Software and Affected Versions**
Next.js versions prior to 2.4.1
**Description**
The issue allows attackers to obtain sensitive information through directory traversal under the `/static` and `/ next` request namespaces.
**Recommendations**
For versions prior to 2.4.1, update to version 2.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `/static` and `/ next` request namespaces until a patch is applied.