Design/Logic Flaw

2023-10-2203:15:00

PRIOn knowledge base

www.prio-n.com

next.js

logic flaw

cdn caching

denial of service

0.0005 Low

EPSS

Percentile

19.0%

JSON

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

CPENameOperatorVersion
next.jslt13.4.20
next.jseq13.4.20 canary1
next.jseq13.4.20 canary2
next.jseq13.4.20 canary3
next.jseq13.4.20 canary4
next.jseq13.4.20 canary5
next.jseq13.4.20 canary6
next.jseq13.4.20 canary7
next.jseq13.4.20 canary8
next.jseq13.4.20 canary9

Name	Operator	Version
next.js	lt	13.4.20
next.js	eq	13.4.20 canary1
next.js	eq	13.4.20 canary2
next.js	eq	13.4.20 canary3
next.js	eq	13.4.20 canary4
next.js	eq	13.4.20 canary5
next.js	eq	13.4.20 canary6
next.js	eq	13.4.20 canary7
next.js	eq	13.4.20 canary8
next.js	eq	13.4.20 canary9