Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

Published

2023-10-22T03:15:07.630

Last Modified

2024-11-21T08:28:15.220

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vercel	next.js	< 13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes
Application	vercel	next.js	13.4.20	Yes

References

https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 Product ([email protected])
https://github.com/vercel/next.js/issues/45301 Exploit, Issue Tracking, Third Party Advisory ([email protected])
https://github.com/vercel/next.js/pull/54732 Issue Tracking, Patch ([email protected])
https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13 Product (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vercel/next.js/issues/45301 Exploit, Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/vercel/next.js/pull/54732 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)