Forwarded From 每日消费电子观察 (horo)
Severity 9.1/10: middleware authorization vulnerability disclosed in the well-known open-source library Next.js
Authorization Bypass in Next.js Middleware · CVE-2025-29927
==========
TL;DR: Next.js middleware authorization can be easily bypassed by adding a specific request header
https://github.com/advisories/GHSA-f82v-jwr5-mffw