CVE-2018-6184 Scanner
Detects the 'Local File Inclusion (LFI)' vulnerability in Zeit Next.js, which affects versions before 4.2.3.
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: URL
Toolbox: -
ZEIT Next.js is a popular open-source framework for building React applications. It provides advanced features such as server-side rendering, automatic code splitting, and static site generation. Developed by ZEIT, Next.js is used by developers and companies to create high-performance web applications with minimal configuration. With Next.js, developers can focus on building their applications instead of worrying about complex build setups.
However, like any other software, Next.js is not immune to security vulnerabilities. Versions before 4.2.3 contain a vulnerability tracked as CVE-2018-6184, a Directory Traversal issue under the /_next request namespace. An attacker can use specially crafted requests to navigate to arbitrary directories on the server and potentially access sensitive information.
When exploited, this vulnerability can lead to serious consequences for developers and companies using Next.js. For instance, attackers could obtain sensitive information such as usernames, passwords, or other confidential data. Additionally, the attacker could modify, delete, or corrupt data, leading to service downtime and data loss. In some cases, the attacker could even gain control over the entire server, allowing them to launch further attacks against other systems and services.
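The class of check that prevents a traversal like the one described above under /_next, as an added example for defenders: it is not Next.js source code or the fix shipped in 4.2.3. The function name `resolveNextAsset`, the build directory `/srv/app/.next` and the sample requests are assumptions constructed for illustration, and the input is assumed to be the URL pathname without a query string.

```javascript
// Added example: containment check for a static-file handler (not Next.js source).
const path = require("path");

const NAMESPACE = "/_next/";                     // request prefix named on this page
const BASE_DIR = path.resolve("/srv/app/.next"); // assumed build-output directory

// Returns an absolute file path inside baseDir, or null if the request
// must be refused (wrong prefix, bad encoding, or escape from baseDir).
function resolveNextAsset(requestPath, baseDir = BASE_DIR) {
  if (typeof requestPath !== "string" || !requestPath.startsWith(NAMESPACE)) {
    return null;
  }
  let decoded;
  try {
    // Decode exactly once, before any path check, so encoded separators
    // and dot segments are checked in the form the filesystem will see.
    decoded = decodeURIComponent(requestPath.slice(NAMESPACE.length));
  } catch {
    return null; // malformed percent-encoding
  }
  if (decoded.includes("\0") || decoded.includes("\\")) {
    return null; // NUL bytes and backslash separators are never legitimate here
  }
  // path.resolve collapses "." and ".." segments; an absolute `decoded`
  // would replace baseDir entirely, which the prefix check below catches.
  const resolved = path.resolve(baseDir, decoded);
  const root = baseDir.endsWith(path.sep) ? baseDir : baseDir + path.sep;
  // Compare against baseDir + separator so a sibling such as ".next-old" fails.
  return resolved.startsWith(root) ? resolved : null;
}

// Constructed sample requests, not taken from any advisory.
const samples = [
  "/_next/static/chunks/main.js",
  "/_next/../package.json",
  "/_next/%2e%2e/%2e%2e/config.json",
  "/_next/static/../../.next-old/x.js",
];
for (const s of samples) {
  console.log(s, "=>", resolveNextAsset(s));
}
```

The check runs on the resolved path rather than on the raw string, so it does not depend on enumerating every way a dot segment can be written.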
At s4e.io, users can easily and quickly learn about vulnerabilities in their digital assets using the platform's pro features. S4E provides comprehensive scans and analyses of websites and web applications, identifying potential vulnerabilities and providing actionable recommendations to mitigate them. With S4E, users can rest assured that their digital assets are protected against vulnerabilities such as CVE-2018-6184.