High
Node.js next module could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
Node.js
Node.js next 10.2.0
Node.js next 10.0.5
Node.js next 11.0.0
Node.js next 11.0.1
Upgrade to the latest version of Next (11.1.0 or later), available from the NPM Web site.