Lucene search

[email protected]CVE-2023-46298

HistoryOct 22, 2023 - 3:15 a.m.

CVE-2023-46298

2023-10-2203:15:07

[email protected]

web.nvd.nist.gov

next.js

cdn caching

denial of service

nvd

cve-2023-46298

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

18.9%

JSON

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

Affected configurations

NVD

Node

vercelnext.jsRange<13.4.20node.js

vercelnext.jsMatch13.4.20canary0node.js

vercelnext.jsMatch13.4.20canary1node.js

vercelnext.jsMatch13.4.20canary10node.js

vercelnext.jsMatch13.4.20canary11node.js

vercelnext.jsMatch13.4.20canary12node.js

vercelnext.jsMatch13.4.20canary2node.js

vercelnext.jsMatch13.4.20canary3node.js

vercelnext.jsMatch13.4.20canary4node.js

vercelnext.jsMatch13.4.20canary5node.js

vercelnext.jsMatch13.4.20canary6node.js

vercelnext.jsMatch13.4.20canary7node.js

vercelnext.jsMatch13.4.20canary8node.js

vercelnext.jsMatch13.4.20canary9node.js

CPENameOperatorVersion
vercel:next.jsvercel next.jslt13.4.20

CPE	Name	Operator	Version
vercel:next.js	vercel next.js	lt	13.4.20

References

github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13

github.com/vercel/next.js/issues/45301

github.com/vercel/next.js/pull/54732

Social References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.0005 Low

EPSS

Percentile

18.9%

JSON

Related for CVE-2023-46298

prion1 github1 osv2 nvd1 cvelist1 veracode1