by rvz 449 days ago
> So... just adding a "x-middleware-subrequest: true" header bypasses auth? Am I understanding this correctly?

Correct.
That is how serious this bypass is and why it is a severity 9.1 (I think it should be a 9.8, as it is so trivial by adding a single header.)