CVE-2020-5284
Exposure of Sensitive Information vulnerability in next (npm)

Exposure of Sensitive Information | No known exploit

What is CVE-2020-5284 About?

This vulnerability affects Next.js versions below 9.3.2, but the description provides no specific details. The impact and ease of exploitation are therefore not explicitly stated, but the general recommendation that all users update suggests a significant, though undefined, risk.

Affected Software

next >0.9.9, <9.3.2

Technical Details

The description for CVE-2020-5284 only indicates that Next.js versions below 9.3.2 are affected and that specific deployment types (ZEIT Now v2, the serverless target, and next export) are unaffected. It does not explain the technical mechanism of the vulnerability, its root cause, or the attack vector, nor does it explicitly state the type of vulnerability or how it works. Without further details, a technical explanation cannot be provided beyond what the description explicitly states.

What is the Impact of CVE-2020-5284?

Successful exploitation may allow attackers to compromise the integrity, confidentiality, or availability of the application, depending on the undisclosed nature of the flaw.

What is the Exploitability of CVE-2020-5284?

Without specific details about the vulnerability, the exploitability characteristics are unknown. However, given that it affects Next.js, it is likely a client-side or server-side vulnerability in web applications. Complexity, authentication requirements, privilege requirements, and whether exploitation is remote or local are all unspecified. The statement 'Affected: Users of Next.js below 9.3.2' suggests a broad impact, but without a technical explanation, no further details can be inferred.

What are the Known Public Exploits?

No known exploits

What are the Available Fixes for CVE-2020-5284?

Available Upgrade Options

  • next
    • >0.9.9, <9.3.2 → Upgrade to 9.3.2

What are Similar Vulnerabilities to CVE-2020-5284?

Similar Vulnerabilities: CVE-2020-5285, CVE-2020-5286, CVE-2020-5287, CVE-2020-5288, CVE-2020-5289