CVE-2023-46298

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
vercelnext.js
𝑥
< 13.4.20
vercelnext.js
13.4.20:canary0
vercelnext.js
13.4.20:canary1
vercelnext.js
13.4.20:canary10
vercelnext.js
13.4.20:canary11
vercelnext.js
13.4.20:canary12
vercelnext.js
13.4.20:canary2
vercelnext.js
13.4.20:canary3
vercelnext.js
13.4.20:canary4
vercelnext.js
13.4.20:canary5
vercelnext.js
13.4.20:canary6
vercelnext.js
13.4.20:canary7
vercelnext.js
13.4.20:canary8
vercelnext.js
13.4.20:canary9
𝑥
= Vulnerable software versions
References
https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13
https://github.com/vercel/next.js/issues/45301
https://github.com/vercel/next.js/pull/54732
https://github.com/vercel/next.js/compare/v13.4.20-canary.12...v13.4.20-canary.13
https://github.com/vercel/next.js/issues/45301
https://github.com/vercel/next.js/pull/54732