Launch Week Day 1: Announcing Security Design Review

Directory traversal vulnerability in Next.js

GHSA-m34x-wgrh-g897 · CVE-2018-6184

Published Jan 24, 2018 · Modified Nov 8, 2023

Description

Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-6184
ADVISORY https://github.com/advisories/GHSA-m34x-wgrh-g897
WEB https://github.com/vercel/next.js/releases/tag/4.2.3
PACKAGE https://github.com/zeit/next.js

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes