CVE-2018-6184
HIGH NUCLEIZEIT Next.js <4.2.3 - Path Traversal
Title source: llmDescription
ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.
Nuclei Templates (1)
Zeit Next.js < 4.2.3 - Local File Inclusion
HIGHby DhiyaneshDK
Shodan:
html:"/_next/static" || http.html:"/_next/static" || cpe:"cpe:2.3:a:zeit:next.js"
FOFA:
body="/_next/static"
Scores
CVSS v3
7.5
EPSS
0.1462
EPSS Percentile
94.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-22
Status
published
Products (15)
npm/next
1.0.0 - 4.2.3npm
zeit/next.js
4.0.0
zeit/next.js
4.0.1
zeit/next.js
4.0.2
zeit/next.js
4.0.3
zeit/next.js
4.0.4
zeit/next.js
4.0.5
zeit/next.js
4.1.0
zeit/next.js
4.1.1
zeit/next.js
4.1.2
... and 5 more
Published
Jan 24, 2018
Tracked Since
Feb 18, 2026