Merge pull request #225 from github/medikoo-GHSA-5vj8-3v2h-h38v

Author: advisory-database[bot]

advisories/github-reviewed/2020/09/GHSA-5vj8-3v2h-h38v/GHSA-5vj8-3v2h-h38v.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.2.0",
   "id": "GHSA-5vj8-3v2h-h38v",
-  "modified": "2020-08-31T19:02:46Z",
+  "modified": "2022-04-26T08:18:41Z",
   "published": "2020-09-04T18:04:08Z",
   "aliases": [
 
   ],
   "summary": "Remote Code Execution in next",
-  "details": "Versions of `next` prior to 5.1.0 are vulnerable to Remote Code Execution. The `/path:` route fails to properly sanitize input and passes it to a `require()` call. This allows attackers to execute JavaScript code on the server.\n\n\n## Recommendation\n\nUpgrade to version 5.1.0.",
+  "details": "Versions of `next` prior to 5.1.0 are vulnerable to Remote Code Execution. The `/path:` route fails to properly sanitize input and passes it to a `require()` call. This allows attackers to execute JavaScript code on the server.\n\n_Note that prior version 0.9.9 package `next` npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions._\n\n## Recommendation\n\nUpgrade to version 5.1.0.",
   "severity": [
 
   ],
@@ -22,7 +22,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "0.9.9"
             },
             {
               "fixed": "5.1.0"