admin_hg/cx-nexredirect
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Upgrade next to 15.5.18 to fix middleware bypass CVEs

Browse source 
Fixes CVE-2026-44574 (CVSS 8.1), CVE-2026-44575 (CVSS 7.5),
CVE-2026-45109 (CVSS 7.5): attackers could bypass middleware auth
in App Router applications via dynamic route parameter injection
and segment-prefetch routes.

Also fixes CVE-2026-44579 (DoS, CVSS 7.5) and
CVE-2026-44576 (cache poisoning, CVSS 5.4).
This commit is contained in:
Hendrik 2026-05-15 16:51:04 +02:00
parent daa13c808b
commit 9da40724b4
2 changed files with 44 additions and 44 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

84
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "corex-nexredirect",
"version": "0.1.27",
"version": "0.1.32",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "corex-nexredirect",
"version": "0.1.27",
"version": "0.1.32",
"license": "MIT",
"dependencies": {
"@radix-ui/react-dialog": "^1.1.4",
@ -21,7 +21,7 @@
"clsx": "^2.1.1",
"lucide-react": "^0.511.0",
"maxmind": "^4.3.20",
"next": "^15.5.15",
"next": "^15.5.18",
"next-auth": "^4.24.14",
"nodemailer": "^8.0.7",
"puppeteer-core": "^24.42.0",
@ -1032,15 +1032,15 @@
}
},
"node_modules/@next/env": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/env/-/env-15.5.15.tgz",
"integrity": "sha512-vcmyu5/MyFzN7CdqRHO3uHO44p/QPCZkuTUXroeUmhNP8bL5PHFEhik22JUazt+CDDoD6EpBYRCaS2pISL+/hg==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/env/-/env-15.5.18.tgz",
"integrity": "sha512-hAV85Ckd9QR6RvH04MEKwsfLTksvFpO47j9xwtoIuvuPnlwecpSi+uZTtm8HirVbtlI2Fnz//xpcSTjFdyJk+g==",
"license": "MIT"
},
"node_modules/@next/swc-darwin-arm64": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.5.15.tgz",
"integrity": "sha512-6PvFO2Tzt10GFK2Ro9tAVEtacMqRmTarYMFKAnV2vYMdwWc73xzmDQyAV7SwEdMhzmiRoo7+m88DuiXlJlGeaw==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.5.18.tgz",
"integrity": "sha512-w0WvQf1n+txiwns/9pwIQteCJpZTbxzO2SE0FLcwuD4v0WEh1JPOjdyxWL21XwJsdpx8cFRjyzxzCS/siP7HcQ==",
"cpu": [
"arm64"
],
@ -1054,9 +1054,9 @@
}
},
"node_modules/@next/swc-darwin-x64": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.5.15.tgz",
"integrity": "sha512-G+YNV+z6FDZTp/+IdGyIMFqalBTaQSnvAA+X/hrt+eaTRFSznRMz9K7rTmzvM6tDmKegNtyzgufZW0HwVzEqaQ==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.5.18.tgz",
"integrity": "sha512-znn71QmDuxm+BOaglihMZfvyySMnNljkVIY5Z2TCssBmm+WqL6c19VhtH5ktFkHa8EZ2bnTUpcNcmNSQsg67og==",
"cpu": [
"x64"
],
@ -1070,9 +1070,9 @@
}
},
"node_modules/@next/swc-linux-arm64-gnu": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.5.15.tgz",
"integrity": "sha512-eVkrMcVIBqGfXB+QUC7jjZ94Z6uX/dNStbQFabewAnk13Uy18Igd1YZ/GtPRzdhtm7QwC0e6o7zOQecul4iC1w==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.5.18.tgz",
"integrity": "sha512-yPPe5MNL+igZUa+OsqQJisqSfh6oarIuA1Q0BDxljGJhRQyZeP+WRHh7rs/jZUGMh5aY0YdIjXZG0VohkKkUdw==",
"cpu": [
"arm64"
],
@ -1086,9 +1086,9 @@
}
},
"node_modules/@next/swc-linux-arm64-musl": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.5.15.tgz",
"integrity": "sha512-RwSHKMQ7InLy5GfkY2/n5PcFycKA08qI1VST78n09nN36nUPqCvGSMiLXlfUmzmpQpF6XeBYP2KRWHi0UW3uNg==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.5.18.tgz",
"integrity": "sha512-glaCczEWIrHsokFZ3pP08U4BpKxwIdnT+txdOM32OBgpL9Yw4aqx8NejmgtZQZOdstQ5f0L3CasIZudzCuD+nw==",
"cpu": [
"arm64"
],
@ -1102,9 +1102,9 @@
}
},
"node_modules/@next/swc-linux-x64-gnu": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.5.15.tgz",
"integrity": "sha512-nplqvY86LakS+eeiuWsNWvfmK8pFcOEW7ZtVRt4QH70lL+0x6LG/m1OpJ/tvrbwjmR8HH9/fH2jzW1GlL03TIg==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.5.18.tgz",
"integrity": "sha512-oUfg2EgJmU3R0OCOWiokGFUTvZiPfXtriXiuF3YNxRoROCdgvTedHIzYoeKH34gsZxS/V7mHbfq2hpAHwhH1/A==",
"cpu": [
"x64"
],
@ -1118,9 +1118,9 @@
}
},
"node_modules/@next/swc-linux-x64-musl": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.5.15.tgz",
"integrity": "sha512-eAgl9NKQ84/sww0v81DQINl/vL2IBxD7sMybd0cWRw6wqgouVI53brVRBrggqBRP/NWeIAE1dm5cbKYoiMlqDQ==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.5.18.tgz",
"integrity": "sha512-JLxSP3KTd9iu/bvUMQxH7RJo9xKSHf55/6RPE4a6FTSZygGn7uvZbCej0AHXydwkggQGSD9UddSjwv6Xz5ESfA==",
"cpu": [
"x64"
],
@ -1134,9 +1134,9 @@
}
},
"node_modules/@next/swc-win32-arm64-msvc": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.5.15.tgz",
"integrity": "sha512-GJVZC86lzSquh0MtvZT+L7G8+jMnJcldloOjA8Kf3wXvBrvb6OGe2MzPuALxFshSm/IpwUtD2mIoof39ymf52A==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.5.18.tgz",
"integrity": "sha512-ir1v7enP52K2HNz3tQQvwF+x7VNxBk1ciiZ18WBPvxf4C59IqdfmHPJYK3vH7rSxpuCVw/8C712wTXNAtEp+NA==",
"cpu": [
"arm64"
],
@ -1150,9 +1150,9 @@
}
},
"node_modules/@next/swc-win32-x64-msvc": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.5.15.tgz",
"integrity": "sha512-nFucjVdwlFqxh/JG3hWSJ4p8+YJV7Ii8aPDuBQULB6DzUF4UNZETXLfEUk+oI2zEznWWULPt7MeuTE6xtK1HSA==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.5.18.tgz",
"integrity": "sha512-LIu5me6QTANCd25E7I5uIEfvgQ06RK7tvHAbYo3zCb3VpxQEPvMcSpd87NwUABDT6MbGPdEGR5VRiK4PPTJhQg==",
"cpu": [
"x64"
],
@ -3714,13 +3714,13 @@
}
},
"node_modules/next": {
"version": "15.5.15",
"resolved": "https://registry.npmjs.org/next/-/next-15.5.15.tgz",
"integrity": "sha512-VSqCrJwtLVGwAVE0Sb/yikrQfkwkZW9p+lL/J4+xe+G3ZA+QnWPqgcfH1tDUEuk9y+pthzzVFp4L/U8JerMfMQ==",
"version": "15.5.18",
"resolved": "https://registry.npmjs.org/next/-/next-15.5.18.tgz",
"integrity": "sha512-eKL8zUJkX9Y5lE+RX/2YJoItVdGlIscyVyboeD9wSpp0PaGqjoA4tTpT2qPqz9ax+5IzGESyLSeZ/RCwbSZ2uQ==",
"license": "MIT",
"peer": true,
"dependencies": {
"@next/env": "15.5.15",
"@next/env": "15.5.18",
"@swc/helpers": "0.5.15",
"caniuse-lite": "^1.0.30001579",
"postcss": "8.4.31",
@ -3733,14 +3733,14 @@
"node": "^18.18.0 || ^19.8.0 || >= 20.0.0"
},
"optionalDependencies": {
"@next/swc-darwin-arm64": "15.5.15",
"@next/swc-darwin-x64": "15.5.15",
"@next/swc-linux-arm64-gnu": "15.5.15",
"@next/swc-linux-arm64-musl": "15.5.15",
"@next/swc-linux-x64-gnu": "15.5.15",
"@next/swc-linux-x64-musl": "15.5.15",
"@next/swc-win32-arm64-msvc": "15.5.15",
"@next/swc-win32-x64-msvc": "15.5.15",
"@next/swc-darwin-arm64": "15.5.18",
"@next/swc-darwin-x64": "15.5.18",
"@next/swc-linux-arm64-gnu": "15.5.18",
"@next/swc-linux-arm64-musl": "15.5.18",
"@next/swc-linux-x64-gnu": "15.5.18",
"@next/swc-linux-x64-musl": "15.5.18",
"@next/swc-win32-arm64-msvc": "15.5.18",
"@next/swc-win32-x64-msvc": "15.5.18",
"sharp": "^0.34.3"
},
"peerDependencies": {

4
package.json
View file

@ -1,6 +1,6 @@
{
"name": "corex-nexredirect",
"version": "0.1.31",
"version": "0.1.32",
"license": "MIT",
"overrides": {
"postcss": "^8.5.13",
@ -26,7 +26,7 @@
"clsx": "^2.1.1",
"lucide-react": "^0.511.0",
"maxmind": "^4.3.20",
"next": "^15.5.15",
"next": "^15.5.18",
"next-auth": "^4.24.14",
"nodemailer": "^8.0.7",
"puppeteer-core": "^24.42.0",