Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:
> If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.
https://securityonline.info/cve-2024-51479-next-js-authorization-bypass-vulnerability-affects-millions-of-developers/
Taggart :donor: /
npub1yg…tccz0
2024-12-20 04:52:16
Author Public Key
npub1yg8lnapwc8yyd0m32jcfdp7k28hwmsvtsqc59rsj6d6d0m3mynqs7tccz0Published at
2024-12-20 04:52:16Event JSON
{
"id": "3f0d3baaa7c26c9d8c9301ce17d191c29f5973a9273c2fec80c750236a8e2b91",
"pubkey": "220ff9f42ec1c846bf7154b09687d651eeedc18b8031428e12d374d7ee3b24c1",
"created_at": 1734670336,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@mttaggart/113683355203817189",
"web"
],
[
"proxy",
"https://infosec.exchange/users/mttaggart/statuses/113683355203817189",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/mttaggart/statuses/113683355203817189",
"pink.momostr"
],
[
"-"
]
],
"content": "Wow, a fairly serious auth bypass in Next.js, a super popular frontend framework:\n\n\u003e If a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed.\n\nhttps://securityonline.info/cve-2024-51479-next-js-authorization-bypass-vulnerability-affects-millions-of-developers/",
"sig": "d9a0d8fe3f9f7588caf5126b1a39b5160e36b5c3a99e912db9a1251fde21d861927cc3aec9a3292b3df0a7d442dd9bea5714ab282fb55e8c26fc08c50a28dd6f"
}