Arbitrary File Reading in Next.js < 2.4.1

Next.js is a quite popular (>13k stars on GitHub) framework for server-rendered React applications. It includes a Node.js server that renders HTML pages dynamically. While digging into the server's code, a list of internal routes drew my attention:

defineRoutes() {
  const routes = {
    /* … */
    '/_next/:path+': async (req, res, params) => {
      const […]