In next
(aka Next.js) before version 11.1.0 there is an Open Redirect vulnerability.
10.0.5
and 10.2.0
11.0.0
and 11.0.1
using pages/_error.js
without getInitialProps
11.0.0
and 11.0.1
using pages/_error.js
and next export
pages/404.js
We recommend everyone to upgrade regardless of whether you can reproduce the issue or not.
https://github.com/vercel/next.js/releases/tag/v11.1.0
Upgrade to version 11.1.0 or later