2 matches found
Partial String Comparison
Overview Affected versions of this package are vulnerable to Partial String Comparison via the router component. An attacker can route requests to unintended backend servers by sending crafted HTTP requests with manipulated Host headers. Remediation Upgrade http-proxy-middleware to version 2.0.10...
Next.js: HTTP request smuggling in rewrites
Summary When Next.js rewrites proxy traffic to an external backend, a crafted DELETE/OPTIONS request using Transfer-Encoding: chunked could trigger request boundary disagreement between the proxy and backend. This could allow request smuggling through rewritten routes. Impact An attacker could...