Seiry

Seiry

next.js's x-middleware-subrequest vulnerability

Saw a high-risk issue with next.js.

https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw

It vaguely (obscene) states that blocking x-middleware-subrequest can mitigate the attack.

Commit for the vulnerability fix
https://github.com/vercel/next.js/commit/9704c8e9fcc58236349ed787903831579440a879

image

The commit was made five days ago, and the CVE was released yesterday. This means it has been lingering in the wild for several days.

image

Exploitation seems really easy... setting subrequest to true directly bypasses the intermediate logic? (I didn't look very closely)

All I can say is that OpenAI is still a step ahead, having switched from next.js to remix a long time ago, hahahahaha.

Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.