PT-2020-14307 · Vercel · Next.js

Timneutkens · Published 2020-10-08 · Updated 2020-12-03 · CVE-2020-15242

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Next.js versions 9.5.0 through 9.5.3

Description

Specially encoded paths could be used with the trailing slash redirect to cause an open redirect to an external site. The redirect does not directly harm users, but it can enable phishing attacks by redirecting from a trusted domain to an attacker's domain.

Recommendations

For Next.js versions 9.5.0 through 9.5.3, upgrade to version 9.5.4 to resolve the issue. As a temporary workaround, consider restricting access to specially encoded paths to minimize the risk of exploitation.

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2020-15242
GHSA-X56P-C8CG-Q435

Affected Products

Next.js