3 matches found
Zeit Next.js < 4.2.3 - Local File Inclusion
Zeit Next.js before 4.2.3 is susceptible to local file inclusion under the /next request namespace. An attacker can obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2018-6184 info: name: Zeit Next.js =4.2...
5aces-client-web (>=1.0.1 <=1.0.6), @bani2812/teasilent (=1.1.4) +61 more potentially affected by CVE-2018-6184 via next (>=1.2.3 <=4.2.1)
next NPM version =1.2.3, =1.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.5, =0.3.0, =0.1.8, =0.1.0, =1.0.2, =1.3.21, =0.0.80, =0.0.143 and more Source cves: CVE-2018-6184 Source advisory: OSV:GHSA-M34X-WGRH-G897...
CVE-2018-6184
Zeit Next.js 4.x before 4.2.3 is vulnerable to a directory traversal via the /_next request namespace. The connected templates describe Local File Inclusion/LFI exposure, allowing an attacker to read sensitive files and potentially modify data or perform administrative actions within the affected...