CVE-2023-46298

Published: 22/10/2023 Updated: 28/10/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

Next.js prior to 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

Vulnerable Product

vercel next.js

vercel next.js 13.4.20

Github Repositories

Example project for demonstrating prefetch of data for SSR pages returning an empty object without a cache-control header having a no-cache directive. This can potentially cause issues with CDNs, as it did in our case. For example, CloudFront having a default TTL value of higher than 0, which by default is 24h, would result in the CDN caching the empty response. The empty cached respo