Next.js CVE-2023-46298 Vulnerability (CVE-2023-46298)
Description
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.