At NetNova.IO, we are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services, which include UI/UX design, website development, WordPress solutions, SEO, site speed optimization, and e-commerce development.
Security researchers Rachid Allam and Yasser Allam recently discovered a critical vulnerability in Next.js middleware that allows attackers to bypass authorisation checks under certain conditions.
The finding came from reviewing an older version (12.0.7) of the Next.js framework, where the researchers noticed a section of code within the runMiddleware function. By adding the x-middleware-subrequest header with a specific value to a request, they could bypass the middleware entirely. Simply put, a single HTTP header added to a request is enough to skip every security check that Next.js enforces in middleware, leaving digital assets extremely vulnerable. With a CVSS base score of 9.1 (critical), organisations are advised to patch their vulnerable Next.js applications without delay.
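Until the patch is deployed, requests that arrive from outside with this header can be refused and logged before they reach the application. The following is an added example, not code from the researchers or from Next.js; the names guard, screenRequest and countInternalHeader are hypothetical, and it assumes the application sits behind a Node request handler you control and that no legitimate external client sends this header.

```javascript
// Added example, not code from the article or from Next.js.
const INTERNAL_HEADER = 'x-middleware-subrequest';

// Scan rawHeaders (alternating name, value) so duplicates and any
// letter-casing of the header name are caught.
function countInternalHeader(rawHeaders) {
  let hits = 0;
  for (let i = 0; i + 1 < rawHeaders.length; i += 2) {
    if (String(rawHeaders[i]).trim().toLowerCase() === INTERNAL_HEADER) hits++;
  }
  return hits;
}

// Verdict for one inbound request. The header's value is never inspected:
// any client-supplied copy is refused.
function screenRequest(req) {
  const occurrences = countInternalHeader(req.rawHeaders || []);
  if (occurrences === 0) return { allow: true };
  return {
    allow: false,
    status: 403,
    log: {
      event: 'client_sent_middleware_subrequest_header',
      remote: req.socket ? req.socket.remoteAddress : null,
      method: req.method,
      url: req.url,
      occurrences,
    },
  };
}

// Wrap a Node (req, res) handler, e.g. the one given to http.createServer.
function guard(handler, logger = console.warn) {
  return (req, res) => {
    const verdict = screenRequest(req);
    if (verdict.allow) return handler(req, res);
    logger(JSON.stringify(verdict.log)); // alertable detection record
    res.statusCode = verdict.status;
    res.end('Forbidden');
  };
}

// Constructed sample requests (not captured traffic).
const demoRequests = [
  { method: 'GET', url: '/', rawHeaders: ['Host', 'app.example'] },
  { method: 'GET', url: '/admin', socket: { remoteAddress: '203.0.113.7' },
    rawHeaders: ['Host', 'app.example', 'X-Middleware-Subrequest', 'constructed'] },
];
for (const r of demoRequests) console.log(r.url, screenRequest(r).allow);
```

The filter is a stopgap in front of a vulnerable deployment and does not replace the upgrade; the logged events also show whether the header is already being sent by outside clients.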
We do not sell, trade, or rent your personal information to third parties. We may share your data with: