PT-2021-21819 · Next.Js · Next.Js

Timneutkens · Published 2021-08-11 · Updated 2021-08-20 · CVE-2021-37699

CVSS v3.1: 6.9 (Medium)
Vector: AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Next.js versions prior to 11.1.0
Description: The issue in Next.js allows an open redirect to an external site when specially encoded paths are used with a statically generated pages/_error.js. The redirect does not directly harm users, but it enables phishing attacks by sending them from a trusted domain to an attacker-controlled domain.
Recommendations: For versions prior to 11.1.0, upgrade to the latest version of Next.js to improve the overall security of your application. As a temporary workaround, consider restricting access to the pages/_error.js file until the issue is resolved. Avoid using specially encoded paths in the pages/_error.js file to minimize the risk of exploitation.

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2021-37699
GHSA-VXF5-WXWP-M7G9

Affected Products

Next.Js