cR0w on Nostr: Is next dot js a thing? I feel like it's a thing. sev:CRIT 9.1 - ...
Is next dot js a thing? I feel like it's a thing.
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw

sev:CRIT 9.1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.
https://nvd.nist.gov/vuln/detail/CVE-2025-29927

Published at 2025-03-21 15:45:50