7.5

CVE-2023-46298

Exploit
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VercelNext.Js SwPlatformnode.js Version < 13.4.20
VercelNext.Js Version13.4.20 Updatecanary0 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary1 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary10 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary11 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary12 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary2 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary3 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary4 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary5 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary6 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary7 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary8 SwPlatformnode.js
VercelNext.Js Version13.4.20 Updatecanary9 SwPlatformnode.js
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.36% 0.573
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
https://github.com/vercel/next.js/issues/45301
Third Party Advisory
Exploit
Issue Tracking