CVE-2024-46982

CVSSv4: NA | CVSSv3: 7.5 | CVSSv2: NA | VMScore: 850 | EPSS: 0.64874 | KEV: Not Included
Published: 17/09/2024 Updated: 20/09/2024

Vulnerability Summary

Next.js Vulnerability: Cache Poisoning in Static Pages Route

Next.js is a React framework for building web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router. This does not affect the app router. When the crafted request is sent, Next.js may cache a route that is not meant to be cached and send a `Cache-Control: s-maxage=1, stale-while-revalidate` header, which some upstream CDNs may cache as well. For this to happen, all of the following must be true:

1. Next.js version between 13.5.1 and 14.2.9
2. Using the pages router
3. Using non-dynamic server-side rendered routes like `pages/dashboard.tsx`, not `pages/blog/[slug].tsx`

This issue was fixed in Next.js v13.5.7, v14.2.10, and newer versions. Updating is suggested even if you can't reproduce the problem. There are no official or recommended workarounds, so patch to a safe version.
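The three conditions above can be turned into a quick exposure check for a project. This is an added example, not code from Next.js or the advisory; the function names are hypothetical, the version range is read as inclusive, detecting "server-side rendered" by a `getServerSideProps` export is an assumption, and the sample project is constructed.

```javascript
// Added triage example; not from the Next.js project or the advisory.
// Parse "major.minor.patch" into numbers (pre-release tags are ignored).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// Condition 1: 13.5.1 through 14.2.9 (read as inclusive), minus the
// fixed 13.x releases (13.5.7 and later).
function isAffectedVersion(version) {
  const v = parseVersion(version);
  const inRange = cmp(v, [13, 5, 1]) >= 0 && cmp(v, [14, 2, 9]) <= 0;
  const fixed13 = v[0] === 13 && cmp(v, [13, 5, 7]) >= 0;
  return inRange && !fixed13;
}

// Conditions 2 and 3: pages-router files that are non-dynamic and SSR.
// Assumption: SSR is detected by a direct getServerSideProps export;
// re-exports (export { getServerSideProps } from ...) are not caught.
function exposedRoutes(files) {
  const ssr = /export\s+(async\s+)?(function|const)\s+getServerSideProps\b/;
  return files
    .filter((f) => /^(src\/)?pages\//.test(f.path)) // pages router only
    .filter((f) => !/\[[^\]]+\]/.test(f.path))      // no [slug] / [...all] segment
    .filter((f) => ssr.test(f.source))
    .map((f) => f.path);
}

function triage(version, files) {
  const routes = exposedRoutes(files);
  return { affected: isAffectedVersion(version) && routes.length > 0, routes };
}

// Constructed sample project (paths and sources are illustrative).
const gssp = "export async function getServerSideProps() { return { props: {} }; }";
const sampleFiles = [
  { path: "pages/dashboard.tsx", source: gssp },
  { path: "pages/blog/[slug].tsx", source: gssp },
  { path: "pages/about.tsx", source: "export default function About() { return null; }" },
  { path: "app/settings/page.tsx", source: "export default function Page() { return null; }" },
];
console.log(triage("14.2.9", sampleFiles));
```

A negative result from this check does not replace the upgrade to a fixed version.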

Github Repositories

repro a next.js issue with shiki

Note 📅 2024-09-18: This repo is related to a Next.js issue: vercel/nextjs#64434. This issue has been resolved, so this repo is archived for now.

Note on branches:
main: the issue happened
work-on-the-previous: in v1414, the issue did not happen
with-dynamic-import: avoids the issue and gets a successful build
with-optimize-package-imports: fixes the issue with the new Next