{ "affected": [ { "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "44de0f15c96c425c193ffdccacb14f28051051d5" } ], "repo": "https://github.com/vercel/next.js", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "4.0.0" }, { "introduced": "0" }, { "last_affected": "4.0.1" }, { "introduced": "0" }, { "last_affected": "4.0.2" }, { "introduced": "0" }, { "last_affected": "4.0.3" }, { "introduced": "0" }, { "last_affected": "4.0.4" }, { "introduced": "0" }, { "last_affected": "4.0.5" }, { "introduced": "0" }, { "last_affected": "4.1.0" }, { "introduced": "0" }, { "last_affected": "4.1.1" }, { "introduced": "0" }, { "last_affected": "4.1.2" }, { "introduced": "0" }, { "last_affected": "4.1.3" }, { "introduced": "0" }, { "last_affected": "4.1.4" }, { "introduced": "0" }, { "last_affected": "4.1.4-canary_1" }, { "introduced": "0" }, { "last_affected": "4.1.4-canary_2" }, { "introduced": "0" }, { "last_affected": "4.2.0" }, { "introduced": "0" }, { "last_affected": "4.2.0-canary_1" }, { "introduced": "0" }, { "last_affected": "4.2.1" }, { "introduced": "0" }, { "last_affected": "4.2.2" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "c99c05018b8d6125008acc0bd9a33eeae2ed9f14" }, { "introduced": "0" }, { "last_affected": "c0473789920dab7ec93f5856854d23f0c85fcf40" }, { "introduced": "0" }, { "last_affected": "4de69f8ba40e90eb5436f8094e286d0700671480" }, { "introduced": "0" }, { "last_affected": "10566b7da8cf4e89bd0bb4ae4a2d5c37dfe63b0b" }, { "introduced": "0" }, { "last_affected": "db151d250add363e07b3a31714a54fcd033d59a2" }, { "introduced": "0" }, { "last_affected": "443b1d1260bda7a91fb797ca04b94c55ddb91a98" }, { "introduced": "0" }, { "last_affected": "ec3486a702200d09f672fc8d54f9d36c374dfc49" }, { "introduced": "0" }, { "last_affected": "586b871a43a371dc757ca0821c047151e77a94db" }, { "introduced": "0" }, { "last_affected": "a2a83236f055cb0383725850c393d3c3aeeb7f73" }, { "introduced": "0" }, { "last_affected": "9805231cf95bd9a0bac447c167aee916c5b07ede" }, { "introduced": "0" }, { "last_affected": "c927c4f1ce0798e6728e5ec75f3895a67f002187" }, { "introduced": "0" }, { "last_affected": "fe2924c5f41facbf520306a995b23e9e69c955ae" }, { "introduced": "0" }, { "last_affected": "2ec397b3564d5dbca933e8def9cd0801ebd3a2b5" }, { "introduced": "0" }, { "last_affected": "03507501cdc3ecf5b455a748cff4da9a8c1bdb72" }, { "introduced": "0" }, { "last_affected": "03aae1f9fc843927cc4ba2dbe13537304506a36a" }, { "introduced": "0" }, { "last_affected": "67643e255a8c097d6519292d44bbacc926e29dde" }, { "introduced": "0" }, { "last_affected": "b89b05bc761f91dca05a756de4bfaa0d3cb03fe8" } ], "repo": "https://github.com/zeit/next.js", "type": "GIT" } ] } ], "details": "ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.", "id": "CVE-2018-6184", "modified": "2026-03-13T21:52:29.120099462Z", "published": "2018-01-24T10:29:01.020Z", "references": [ { "type": "REPORT", "url": "https://github.com/zeit/next.js/releases/tag/4.2.3" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "type": "CVSS_V3" } ] }