GHSA-c59h-r6p8-q9wc
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c59h-r6p8-q9wc
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-c59h-r6p8-q9wc/GHSA-c59h-r6p8-q9wc.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c59h-r6p8-q9wc
- Aliases
- Published
- 2023-10-22T03:30:23Z
- Modified
- 2023-11-08T04:13:42.231979Z
- Summary
- Next.js missing cache-control header may lead to CDN caching empty reply
- Details
-
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.
- Database specific
{ "nvd_published_at": "2023-10-22T03:15:07Z", "severity": "LOW", "cwe_ids": [], "github_reviewed_at": "2023-10-24T19:18:58Z", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-46298
- https://github.com/vercel/next.js/issues/45301
- https://github.com/vercel/next.js/pull/54732
- https://github.com/vercel/next.js/commit/20d05958ff853e9c9e42139ffec294336881c648
- https://github.com/vercel/next.js
- https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13
Affected packages
npm / next
Package
- Name
- next
- View open source insights on deps.dev
- Purl
- pkg:npm/next