Description
Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommended that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 12.3.5, 13.5.9, 14.2.25, and 15.2.3.
A flaw was found in the Next.js package. This vulnerability allows bypassing authorization checks within a Next.js application if the authorization check occurs in middleware.
Statement
This vulnerability is rated as Critical impact, rather than Important, because it allows complete authorization bypass in affected Next.js versions. Attackers can circumvent middleware-based authentication and access protected routes simply by including a specific HTTP header (x-middleware-subrequest). This bypasses all security controls implemented in middleware, granting unauthorized access to sensitive application functionality, including admin panels and restricted resources. Red Hat Enterprise Linux is not affected by this vulnerability as the authorization functionality of Next.js is not in use and the component is only used at build time. Red Hat Enterprise Linux AI is not affected since the listed components Pathservice and UI are not provided to the customers. Red Hat Trusted Artifact Signer and Streams for Apache Kafka 2 are not affected by this vulnerability as they do not use Next.js for any authorization functionality.
Mitigation
Block or drop external user requests that contain the x-middleware-subrequest header before they reach your Next.js application.
Affected Packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | firefox | Not affected | | |
| Red Hat Enterprise Linux 10 | thunderbird | Not affected | | |
| Red Hat Enterprise Linux 7 | firefox | Not affected | | |
| Red Hat Enterprise Linux 8 | dotnet7.0 | Not affected | | |
| Red Hat Enterprise Linux 8 | firefox | Not affected | | |
| Red Hat Enterprise Linux 8 | thunderbird | Not affected | | |
| Red Hat Enterprise Linux 9 | dotnet7.0 | Not affected | | |
| Red Hat Enterprise Linux 9 | firefox | Not affected | | |
| Red Hat Enterprise Linux 9 | thunderbird | Not affected | | |
| Red Hat Enterprise Linux AI (RHEL AI) | rhelai1/pathservice-rhel9 | Not affected | | |
Additional information
CVSS3: 9.1 Critical
Related vulnerabilities
A vulnerability in the x-middleware-subrequest header handling mechanism of the Next.js web application framework, allowing an attacker to bypass existing security restrictions.
CVSS3: 9.1 Critical