[f4b52]

Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops. The security vulnerability shows it's possible to skip running Middleware, which could allow requests to bypass critical checks—such as authorization cookie validation—before reaching routes.

Hidden Content

You must register or login to view this content.

[Fantom1337]

i think john hammond did a video on this cve  ?

This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Leeching | http://c66go4clkqodr7tdjfu76jztjs7w7d3fajdeypxn73v4ju3dt7g5yyyd.onion/Forum-Ban-Appeals if you feel this is incorrect.

[sorhack2]

Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops. The security vulnerability shows it's possible to skip running Middleware, which could allow requests to bypass critical checks—such as authorization cookie validation—before reaching routes.

yes we look this comment

[Eint]

lool, thx for share this cve

[jaantaampalpa]

Can't wait to check the impact of this one on some next.js applications
thanks for sharing

[adikgorgon45]

thx share. best sharing

[toto1909]

thank you so much forr this

[erenYaeger]

Thank you for sharing this CVE with us

[zjga]

Thank you for sharing this CVE with us

[zirkonium]

thanks for sharing