by simonw 453 days ago
That depends entirely on how you implemented your middleware.

This vulnerability also isn't explicitly about auth: it's about attackers being able to send a colon-separated list of middleware to skip. That could affect applications in all kinds of unexpected ways depending on what they are using middleware for and how they designed their application.