{
  "service": "nextjs-nuclei-training-server",
  "framework": "Next.js",
  "simulatedNextVersion": "16.2.5",
  "labOnly": true,
  "publicUrls": {
    "courseBaseUrl": "https://security-wave.n-e.kr",
    "labBaseUrl": "https://lab.security-wave.n-e.kr"
  },
  "nmapLab": {
    "visiblePorts": [
      80,
      443,
      2121,
      2201,
      8088,
      9091,
      13306
    ],
    "hiddenRange": "10000-10100"
  },
  "profiles": [
    {
      "id": "nextjs-middleware-segment-prefetch-bypass-awareness",
      "proof": "LAB_PROOF_NEXTJS_MIDDLEWARE_BYPASS_ONLY",
      "references": [
        "https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f",
        "https://github.com/vercel/next.js/security/advisories/GHSA-26hh-7cqf-hhc6"
      ]
    },
    {
      "id": "react-rsc-rce-awareness",
      "proof": "LAB_PROOF_REACT_RSC_RCE_AWARENESS_ONLY",
      "references": [
        "https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components",
        "https://nextjs.org/blog/CVE-2025-66478"
      ]
    }
  ]
}