Research Worth Reading Week 13/2025

Published: 30 Mar 2025

Two great pieces of content for this week!

🪲 Next.js and the corrupt middleware: the authorizing artifact

A detailed write-up from the people who actually found the latest Next.js vulnerability: Next.js and the corrupt middleware: the authorizing artifact.

🪲 IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX

A great vulnerability discovered by the Wiz team, allowing them to gain code execution in Kubernetes ingress-nginx. The multiple injections are interesting, but I loved the configuration injection to RCE part the most (very similar to what we saw in the recent Elttam Ruby gadget): IngressNightmare: 9.8 Critical Unauthenticated Remote Code Execution Vulnerabilities in Ingress NGINX.

Written by PentesterLab
The platform to learn web hacking and security code review