A significant security vulnerability has been discovered in the Next.js framework, which is widely used by developers for building applications. This flaw, identified by researchers Rachid Allam and Yasser Allam, pertains to the framework's middleware functionality, crucial for managing requests and executing code. With Next.js having a vast user base—over 130,000 stars on GitHub and nearly 10 million downloads weekly—the flaw poses a considerable risk, particularly regarding authentication and authorization processes. Older versions like 12.0.7 were notably scrutinized to uncover the issue, highlighting the challenges developers face in ensuring security.
A critical security flaw has been discovered in the popular Next.js framework, potentially impacting millions of websites and applications.
The vulnerability lies in how Next.js handles its middleware, the feature that lets developers execute code before a request is completed.
Middleware underpins functions such as path rewriting and authentication, so a flaw in how it is handled can lead to significant security risks.
The researchers' breakthrough came from examining older versions of the framework, specifically identifying vulnerabilities in version 12.0.7.