Arbitrary File Read in Next.js
Description
Next.js is a minimalistic framework for server-rendered React applications.
A directory traversal issue exists on Next.js versions lower than 2.4.1. This issues affects the /_next and /static request namespaces. An attacker can craft a request that accesses potentially sensitive information in your filesystem.
Remediation
Upgrade to the latest version of Next.js (this issue was fixed in Next.js version <strong>2.4.1</strong>).