CVE-2021-37699
Title: Open Redirect via Specially Encoded Paths
Proof Of Concept
No public PoC currently indexed for CVE-2021-37699.
Vulnerability Summary
CVE-2021-37699: Next.js is an open source website development framework to be used with the React library. In affected versions specially encoded paths could be used when pages/_error.js was statically generated allowing an open redirect to occur to an external site. In general, this redirect does not directly harm users although can allow for phishing attacks by redirecting to an attacker's domain from a trusted domain. We recommend everyone to upgrade regardless of whether you can reproduce the issue or not. The issue has been patched in release 11.1.0.
Impacted Vendors
Reference Links
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AV:N/AC:M/Au:N/C:P/I:P/A:N
Associated Attack Patterns (CAPEC)
Total: PatternsNo specific attack patterns mapped.
CVE-2021-37699 Exploits & PoCs (Proof Of Concept)
No public PoCs found in our database for this CVE.
Vulnerability data or affected products updated.
Vulnerability first announced in NVD.
Attack Vector Matrix
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N
Affected Stack
No specific products linked.