{"id":"CVE-2018-6184","details":"ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next request namespace.","aliases":["GHSA-m34x-wgrh-g897"],"modified":"2026-04-09T06:21:16.523611Z","published":"2018-01-24T10:29:01.020Z","references":[{"type":"REPORT","url":"https://github.com/zeit/next.js/releases/tag/4.2.3"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vercel/next.js","events":[{"introduced":"0"},{"fixed":"44de0f15c96c425c193ffdccacb14f28051051d5"}]},{"type":"GIT","repo":"https://github.com/zeit/next.js","events":[{"introduced":"0"},{"last_affected":"c99c05018b8d6125008acc0bd9a33eeae2ed9f14"},{"introduced":"0"},{"last_affected":"c0473789920dab7ec93f5856854d23f0c85fcf40"},{"introduced":"0"},{"last_affected":"4de69f8ba40e90eb5436f8094e286d0700671480"},{"introduced":"0"},{"last_affected":"10566b7da8cf4e89bd0bb4ae4a2d5c37dfe63b0b"},{"introduced":"0"},{"last_affected":"db151d250add363e07b3a31714a54fcd033d59a2"},{"introduced":"0"},{"last_affected":"443b1d1260bda7a91fb797ca04b94c55ddb91a98"},{"introduced":"0"},{"last_affected":"ec3486a702200d09f672fc8d54f9d36c374dfc49"},{"introduced":"0"},{"last_affected":"586b871a43a371dc757ca0821c047151e77a94db"},{"introduced":"0"},{"last_affected":"a2a83236f055cb0383725850c393d3c3aeeb7f73"},{"introduced":"0"},{"last_affected":"9805231cf95bd9a0bac447c167aee916c5b07ede"},{"introduced":"0"},{"last_affected":"c927c4f1ce0798e6728e5ec75f3895a67f002187"},{"introduced":"0"},{"last_affected":"fe2924c5f41facbf520306a995b23e9e69c955ae"},{"introduced":"0"},{"last_affected":"2ec397b3564d5dbca933e8def9cd0801ebd3a2b5"},{"introduced":"0"},{"last_affected":"03507501cdc3ecf5b455a748cff4da9a8c1bdb72"},{"introduced":"0"},{"last_affected":"03aae1f9fc843927cc4ba2dbe13537304506a36a"},{"introduced":"0"},{"last_affected":"67643e255a8c097d6519292d44bbacc926e29dde"},{"introduced":"0"},{"last_affected":"b89b05bc761f91dca05a756de4bfaa0d3cb03fe8"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.0.0"},{"introduced":"0"},{"last_affected":"4.0.1"},{"introduced":"0"},{"last_affected":"4.0.2"},{"introduced":"0"},{"last_affected":"4.0.3"},{"introduced":"0"},{"last_affected":"4.0.4"},{"introduced":"0"},{"last_affected":"4.0.5"},{"introduced":"0"},{"last_affected":"4.1.0"},{"introduced":"0"},{"last_affected":"4.1.1"},{"introduced":"0"},{"last_affected":"4.1.2"},{"introduced":"0"},{"last_affected":"4.1.3"},{"introduced":"0"},{"last_affected":"4.1.4"},{"introduced":"0"},{"last_affected":"4.1.4-canary_1"},{"introduced":"0"},{"last_affected":"4.1.4-canary_2"},{"introduced":"0"},{"last_affected":"4.2.0"},{"introduced":"0"},{"last_affected":"4.2.0-canary_1"},{"introduced":"0"},{"last_affected":"4.2.1"},{"introduced":"0"},{"last_affected":"4.2.2"}]}}],"versions":["1.0.0","1.0.1","1.0.2","1.1.0","1.1.1","1.1.2","1.2.0","1.2.1","1.2.2","1.2.3","2.0.0","2.0.0-beta.0","2.0.0-beta.1","2.0.0-beta.10","2.0.0-beta.11","2.0.0-beta.12","2.0.0-beta.13","2.0.0-beta.14","2.0.0-beta.15","2.0.0-beta.16","2.0.0-beta.17","2.0.0-beta.18","2.0.0-beta.19","2.0.0-beta.2","2.0.0-beta.20","2.0.0-beta.21","2.0.0-beta.22","2.0.0-beta.23","2.0.0-beta.24","2.0.0-beta.25","2.0.0-beta.26","2.0.0-beta.27","2.0.0-beta.28","2.0.0-beta.29","2.0.0-beta.3","2.0.0-beta.30","2.0.0-beta.31","2.0.0-beta.32","2.0.0-beta.33","2.0.0-beta.34","2.0.0-beta.35","2.0.0-beta.36","2.0.0-beta.37","2.0.0-beta.38","2.0.0-beta.39","2.0.0-beta.4","2.0.0-beta.40","2.0.0-beta.41","2.0.0-beta.42","2.0.0-beta.5","2.0.0-beta.6","2.0.0-beta.7","2.0.0-beta.8","2.0.0-beta.9","2.0.1","2.1.0","2.1.1","2.2.0","2.3.0","2.3.1","2.3.2","2.4.0","2.4.1","2.4.3","2.4.4","2.4.5","2.4.6","2.4.7","2.4.8","2.4.9","3.0.1","3.0.2","3.0.3","3.0.4","3.0.5","3.0.6","3.1.0","3.2.0","3.2.1","3.2.2","4.0.0","4.0.0-beta.1","4.0.0-beta.2","4.0.0-beta.3","4.0.0-beta.4","4.0.0-beta.5","4.0.0-beta.6","4.0.1","4.0.2","4.0.3","4.0.4","4.0.5","4.1.0","4.1.1","4.1.2","4.1.3","4.1.4","4.1.4-canary.1","4.1.4-canary.2","4.2.0","4.2.0-canary.1","4.2.1","4.2.2","v2.4.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-6184.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}