next@15.5.4

Analyzed at 9/23/2025, 5:39:23 PM

Source https://registry.npmjs.org/next/-/next-15.5.4.tgz

SHA256 5188d186e94a8d5470af6ed2725d209d8b2abc29cc7d6bedd58a748efd7e89f9

Confidence CONFIDENCE_HIGH

Version

15.5.4

Vulnerabilities

OpenSSF Scorecard

5.9/10

License

MIT

Ecosystem

NPM

Summary

Note: This report is updated by a verification record

Multiple files flagged for potential data exfiltration, XSS, and RCE vulnerabilities. High confidence of malicious intent due to combined factors.

Verification Record

ANALYSIS_STATUS_COMPLETED

Details

Note: This report is updated by a verification record

The package exhibits multiple concerning behaviors. Several files match the 'sys_net_recon_exfil' YARA rule, suggesting potential system and network information exfiltration. Additionally, the code constructs javascript: URLs and assigns them to formAction attributes, which can lead to XSS or RCE if user-controlled data is involved. Furthermore, dynamic code execution is possible via formatDynamicImportPath if the cacheHandlers configuration is compromised. These factors, combined, indicate malicious intent.