Merge pull request #226 from github/medikoo-GHSA-vxf5-wxwp-m7g9

advisory-database[bot] · web-flow · commit 943bd97f8063 · 2022-04-28T20:31:32.000Z
diff --git a/advisories/github-reviewed/2021/08/GHSA-vxf5-wxwp-m7g9/GHSA-vxf5-wxwp-m7g9.json b/advisories/github-reviewed/2021/08/GHSA-vxf5-wxwp-m7g9/GHSA-vxf5-wxwp-m7g9.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.2.0",
   "id": "GHSA-vxf5-wxwp-m7g9",
-  "modified": "2021-08-26T21:23:18Z",
+  "modified": "2022-04-26T08:18:51Z",
   "published": "2021-08-12T14:51:14Z",
   "aliases": [
     "CVE-2021-37699"
   ],
   "summary": "Open Redirect in Next.js",
-  "details": "### Impact\n\n- **Affected:** Users of Next.js between `10.0.5` and `10.2.0`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` without `getInitialProps`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` and `next export`\n- **Not affected**: Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected\n- **Not affected:** Deployments **with** `pages/404.js`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v11.1.0\n",
+  "details": "### Impact\n\n- **Affected:** Users of Next.js between `10.0.5` and `10.2.0`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` without `getInitialProps`\n- **Affected:** Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` and `next export`\n- **Not affected**: Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected\n- **Not affected:** Deployments **with** `pages/404.js`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n_Note that prior version 0.9.9 package `next` npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions._\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v11.1.0\n",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -25,7 +25,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.9.9"
             },
             {
               "fixed": "11.1.0"

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.2.0",`
`3`	`3`	`"id": "GHSA-vxf5-wxwp-m7g9",`
`4`		`- "modified": "2021-08-26T21:23:18Z",`
	`4`	`+ "modified": "2022-04-26T08:18:51Z",`
`5`	`5`	`"published": "2021-08-12T14:51:14Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2021-37699"`
`8`	`8`	`],`
`9`	`9`	`"summary": "Open Redirect in Next.js",`
`10`		- "details": "### Impact\n\n- Affected: Users of Next.js between `10.0.5` and `10.2.0`\n- Affected: Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` without `getInitialProps`\n- Affected: Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` and `next export`\n- Not affected: Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected\n- Not affected: Deployments with `pages/404.js`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v11.1.0\n",
	`10`	+ "details": "### Impact\n\n- Affected: Users of Next.js between `10.0.5` and `10.2.0`\n- Affected: Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` without `getInitialProps`\n- Affected: Users of Next.js between `11.0.0` and `11.0.1` using `pages/_error.js` and `next export`\n- Not affected: Deployments on Vercel ([vercel.com](https://vercel.com)) are not affected\n- Not affected: Deployments with `pages/404.js`\n\nWe recommend everyone to upgrade regardless of whether you can reproduce the issue or not.\n\n_Note that prior version 0.9.9 package `next` npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions._\n\n### Patches\n\nhttps://github.com/vercel/next.js/releases/tag/v11.1.0\n",
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`@@ -25,7 +25,7 @@`
`25`	`25`	`"type": "ECOSYSTEM",`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`		`- "introduced": "0"`
	`28`	`+ "introduced": "0.9.9"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`	`31`	`"fixed": "11.1.0"`