80
Affected versions of the next-intl library are vulnerable to Open Redirect. next-intl accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks. The vulnerability occurs due to decodeURI doesn't escape decoded backslashs(%5C & %5c) and will decode them into '\' as an unsafe externalPathname in the Middleware functionality.
You're affected if you are using a version which is within vulnerability ranges.
Upgrade next-intl library to patch version.