CVE CVE-2020-5284 Mappings

Next.js versions before 9.3.2 have a directory traversal vulnerability. Attackers could craft special requests to access files in the dist directory (.next). This does not affect files outside of the dist directory (.next). In general, the dist directory only holds build assets unless your application intentionally stores other assets under this directory. This issue is fixed in version 9.3.2.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name
CVE-2020-5284 next.js primary_impact T1005 Data from Local System