Low severityNVD Advisory· Published Oct 22, 2023· Updated Sep 12, 2024
CVE-2023-46298
CVE-2023-46298
Description
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nextnpm | >= 0.9.9, < 13.4.20-canary.13 | 13.4.20-canary.13 |
Affected products
2- Next.js/Next.jsdescription
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-c59h-r6p8-q9wcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-46298ghsaADVISORY
- github.com/vercel/next.js/commit/20d05958ff853e9c9e42139ffec294336881c648ghsaWEB
- github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13ghsaWEB
- github.com/vercel/next.js/issues/45301ghsaWEB
- github.com/vercel/next.js/pull/54732ghsaWEB
News mentions
0No linked articles in our index yet.