CVE-2023-46298

2023-10-2203:15:07

Google

osv.dev

next.js

denial of service

cache-control

cdn

7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

19.0%

JSON

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

CPENameOperatorVersion
next.jseq1.1.1
next.jseq13.2.5-canary.22
next.jseq12.0.8-canary.20
next.jseq12.1.7-canary.38
next.jseq12.1.1-canary.18
next.jseq13.0.2-canary.0
next.jseq8.0.4-canary.16
next.jseq8.0.4-canary.8
next.jseq8.1.1-canary.37
next.jseq9.2.1-canary.4

Name	Operator	Version
next.js	eq	1.1.1
next.js	eq	13.2.5-canary.22
next.js	eq	12.0.8-canary.20
next.js	eq	12.1.7-canary.38
next.js	eq	12.1.1-canary.18
next.js	eq	13.0.2-canary.0
next.js	eq	8.0.4-canary.16
next.js	eq	8.0.4-canary.8
next.js	eq	8.1.1-canary.37
next.js	eq	9.2.1-canary.4