Exploitation Summary
CVE-2018-6184 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
Nuclei Templates (1)
Zeit Next.js < 4.2.3 - Local File Inclusion
HIGHby DhiyaneshDK
Shodan:
html:"/_next/static" || http.html:"/_next/static" || cpe:"cpe:2.3:a:zeit:next.js"
FOFA:
body="/_next/static"
References (1)
Core 1
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/zeit/next.js/releases/tag/4.2.3
Scores
CVSS v3
7.5
EPSS
0.0923
EPSS Percentile
94.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (15)
npm/next
1.0.0 - 4.2.3npm
zeit/next.js
4.0.0
zeit/next.js
4.0.1
zeit/next.js
4.0.2
zeit/next.js
4.0.3
zeit/next.js
4.0.4
zeit/next.js
4.0.5
zeit/next.js
4.1.0
zeit/next.js
4.1.1
zeit/next.js
4.1.2
... and 5 more
Published
Jan 24, 2018
Tracked Since
Feb 18, 2026