NextJS Critical Middleware Authentication Bypass Attack



Is your NextJS web application vulnerable to attack?

It recently came to light that authentication checks in NextJS middleware could be bypassed simply by passing a few select values in the x-middleware-subrequest header.

Luckily for me, I run my NextJS stack in a Lambda with custom AWS Cognito authentication.

If you are using NextJS, you should probably make fixing that a priority.
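
One defensive measure is to reject or strip the x-middleware-subrequest header on requests arriving from outside, before they reach the application. The following is an added example, not code from this post or from NextJS; the function names, the request shape and the sample requests are assumptions constructed for illustration.

```javascript
// Added example: filter for the x-middleware-subrequest header in front of NextJS.
const INTERNAL_HEADER = 'x-middleware-subrequest';

// Copy the headers without the internal header and report whether it was present.
// HTTP header names are case-insensitive, so compare in lower case.
function sanitizeHeaders(headers) {
  const clean = {};
  let found = false;
  for (const [name, value] of Object.entries(headers || {})) {
    if (name.trim().toLowerCase() === INTERNAL_HEADER) {
      found = true; // drop every spelling of the header
      continue;
    }
    clean[name] = value;
  }
  return { clean, found };
}

// Decide what happens to an inbound request before the app sees it.
// mode 'reject' answers 400; mode 'strip' forwards the request without the header.
function filterRequest(req, mode = 'reject') {
  const { clean, found } = sanitizeHeaders(req.headers);
  if (found && mode === 'reject') {
    return { forward: false, status: 400, flagged: true };
  }
  return { forward: true, flagged: found, request: { ...req, headers: clean } };
}

// Constructed sample requests (hypothetical paths, placeholder header value).
const sampleRequests = [
  { path: '/dashboard', headers: { cookie: 'session=constructed' } },
  { path: '/admin', headers: { 'X-Middleware-Subrequest': 'PLACEHOLDER' } },
  { path: '/api/users', headers: { 'x-middleware-subrequest': 'PLACEHOLDER', accept: '*/*' } },
];

// List the paths of requests that carried the header, for logging or alerting.
function flaggedPaths(requests) {
  return requests.filter((r) => sanitizeHeaders(r.headers).found).map((r) => r.path);
}

console.log(flaggedPaths(sampleRequests));
```

The same check can sit in a reverse proxy, a load balancer rule or the entry handler of a Lambda; flagged requests are worth logging, since ordinary clients have no reason to send this header.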