A significant security vulnerability has been identified in the widely used Next.js framework, potentially affecting millions of websites and applications.
Security researchers Rachid Allam (zhero) and Yasser Allam (inzo_) collaborated to uncover the flaw within the framework’s middleware functionality.
Next.js, a React-based framework with over 130,000 GitHub stars and nearly 10 million weekly downloads, is favored by developers for its rich feature set. However, its extensive capabilities also create a broad attack surface, attracting security scrutiny.
https://www.developer-tech.com/news/critical-security-flaw-uncovered-next-js-framework/
