CVE-2023-46298 Information

Description

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN causing a denial of service to all users requesting the same URL via that CDN.

Reference

https://github.com/vercel/next.js/issues/45301 https://github.com/vercel/next.js/compare/v13.4.20-canary.12…v13.4.20-canary.13 https://github.com/vercel/next.js/pull/54732