next-intl 安全漏洞

next-intl is a Next.js solution developed by Jan Amann. Versions of next-intl prior to 4.9.1 contained a security vulnerability, which was caused by improper handling of middleware pathing, potentially leading to redirection to untrusted hosts...

Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

A mismatch exists between how Astro normalizes request paths for routing/rendering and how the application’s middleware reads the path for validation checks. Astro internally applies decodeURI to determine which route to render, while the middleware uses context.url.pathname without applying the...