PT-2020-21071 — Remote Code Execution in Next Next

PT-2020-21071 · Next · Next

Published

2020-09-04

Updated

2020-09-04

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

Name of the Vulnerable Software and Affected Versions next versions prior to 5.1.0

Description The issue allows for Remote Code Execution due to improper input sanitization in the /path: route, which passes input to a require() call. This enables attackers to execute JavaScript code on the server.

Recommendations Upgrade to version 5.1.0. As a temporary workaround, consider restricting access to the /path: route until the issue is resolved.

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

GHSA-5VJ8-3V2H-H38V

PT-2020-21071 · Next · Next

Weakness Enumeration

Related Identifiers

Affected Products

References · 3