From 9ed1c601aceed2da993d426e40595f977f892a6a Mon Sep 17 00:00:00 2001
From: Mariusz Nowak
Date: Tue, 26 Apr 2022 10:18:41 +0200
Subject: [PATCH] Improve GHSA-5vj8-3v2h-h38v
---
 .../2020/09/GHSA-5vj8-3v2h-h38v/GHSA-5vj8-3v2h-h38v.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/advisories/github-reviewed/2020/09/GHSA-5vj8-3v2h-h38v/GHSA-5vj8-3v2h-h38v.json b/advisories/github-reviewed/2020/09/GHSA-5vj8-3v2h-h38v/GHSA-5vj8-3v2h-h38v.json
index 0a1a23543dd8d..7bd36649136ab 100644
--- a/advisories/github-reviewed/2020/09/GHSA-5vj8-3v2h-h38v/GHSA-5vj8-3v2h-h38v.json
+++ b/advisories/github-reviewed/2020/09/GHSA-5vj8-3v2h-h38v/GHSA-5vj8-3v2h-h38v.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.2.0",
 "id": "GHSA-5vj8-3v2h-h38v",
- "modified": "2020-08-31T19:02:46Z",
+ "modified": "2022-04-26T08:18:41Z",
 "published": "2020-09-04T18:04:08Z",
 "aliases": [
 
 ],
 "summary": "Remote Code Execution in next",
- "details": "Versions of `next` prior to 5.1.0 are vulnerable to Remote Code Execution. The `/path:` route fails to properly sanitize input and passes it to a `require()` call. This allows attackers to execute JavaScript code on the server.\n\n\n## Recommendation\n\nUpgrade to version 5.1.0.",
+ "details": "Versions of `next` prior to 5.1.0 are vulnerable to Remote Code Execution. The `/path:` route fails to properly sanitize input and passes it to a `require()` call. This allows attackers to execute JavaScript code on the server.\n\n_Note that prior version 0.9.9 package `next` npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions._\n\n## Recommendation\n\nUpgrade to version 5.1.0.",
 "severity": [
 
 ],
@@ -22,7 +22,7 @@
 "type": "ECOSYSTEM",
 "events": [
 {
- "introduced": "0"
+ "introduced": "0.9.9"
 },
 {
 "fixed": "5.1.0"
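Review bot: The sentence added to `details` is hard to parse: "prior version 0.9.9 package `next` npm package" drops the word "to" and names the package twice. This string is what dependency scanners show to people deciding whether they are affected, so the exclusion should read unambiguously, for example `Note that before version 0.9.9 the npm package name next belonged to a different utility`, with the rest of the sentence kept as written. The same string still says "Upgrade to version 5.1.0."; wording it as "5.1.0 or later" would match the `fixed` event in the range.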
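Review bot: The new lower bound `"introduced": "0.9.9"` narrows what range-based scanners will flag, but nothing visible in the patch lets a reader verify that boundary. The note added to `details` gives 0.4.1 as the last release of the earlier codebase and 0.9.9 as the cut-over, so any release published between those two versions would now fall outside the affected range without either the text or the range saying which codebase it contains. If no such release exists, stating that in the commit description would make the narrowing auditable. So would a link to the registry's version history in the advisory's `references` array, which lies outside this hunk.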