PT-2023-29944 · Next.Js · Next.Js

Muntamala · Published 2023-10-21 · Updated 2025-05-30 · CVE-2023-46298

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Next.js versions prior to 13.4.20-canary.13

Description

The issue is related to the lack of a cache-control header in Next.js, which can cause empty prefetch responses to be cached by a CDN. This can lead to a denial of service for all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

Recommendations

For versions prior to 13.4.20-canary.13, consider updating to a version that includes the necessary cache-control header to prevent empty prefetch responses from being cached by a CDN. As a temporary workaround, consider configuring your CDN to not cache empty prefetch responses.
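
A way to check for the condition described above from the defender's side, as an added example that is not part of the original advisory or of Next.js: it audits observed responses and flags empty ones that a shared cache would be allowed to store. The function names and sample header values are constructed for illustration, and treating `no-cache` or a zero lifetime as safe is a simplifying assumption.

```javascript
// Parse a Cache-Control value into a Map of lowercase directive -> value.
function parseCacheControl(value) {
  const directives = new Map();
  if (typeof value !== "string") return directives;
  for (const part of value.split(",")) {
    const [name, ...rest] = part.trim().split("=");
    if (!name) continue;
    directives.set(name.toLowerCase(), rest.join("=").replace(/^"|"$/g, ""));
  }
  return directives;
}

// Case-insensitive header lookup in a plain object.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : String(headers[key]);
}

// Returns "ok" or an "at-risk: ..." reason for one observed response.
function auditEmptyResponse({ headers, bodyLength }) {
  if (bodyLength > 0) return "ok"; // only empty responses are in scope
  const raw = getHeader(headers, "cache-control");
  // No header: the CDN falls back to its own defaults and may store the body.
  if (raw === undefined) return "at-risk: no cache-control header";
  const cc = parseCacheControl(raw);
  if (cc.has("no-store") || cc.has("private")) return "ok";
  // For shared caches s-maxage takes precedence over max-age.
  const ttl = cc.has("s-maxage") ? cc.get("s-maxage") : cc.get("max-age");
  // no-cache or a zero lifetime forces revalidation before reuse.
  if (cc.has("no-cache") || /^0+$/.test(ttl ?? "")) return "ok";
  return "at-risk: shared cache may store (" + raw + ")";
}

// Constructed sample responses (not captured from a real deployment).
const SAMPLES = [
  { name: "no header", headers: { "content-type": "application/json" }, bodyLength: 0 },
  { name: "explicit no-store", headers: { "Cache-Control": "private, no-store" }, bodyLength: 0 },
  { name: "shared TTL", headers: { "cache-control": "public, max-age=0, s-maxage=3600" }, bodyLength: 0 },
  { name: "normal page", headers: {}, bodyLength: 5120 },
];

function auditSamples() {
  return SAMPLES.map((s) => `${s.name}: ${auditEmptyResponse(s)}`);
}

console.log(auditSamples().join("\n"));
```
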

Related Identifiers

CVE-2023-46298
GHSA-C59H-R6P8-Q9WC

Affected Products

Next.Js