next prior to 5.1.0 are vulnerable to Remote Code Execution. The
/path: route fails to properly sanitize input and passes it to a
next npm package hosted a different utility (0.4.1 being the latest version of that codebase), and this advisory does not apply to those versions.
Upgrade to version 5.1.0.