Security
Headlines

Headlines Latest CVEs

Headline

GHSA-c59h-r6p8-q9wc: Next.js missing cache-control header may lead to CDN caching empty reply

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets.

12 months ago

Next.js missing cache-control header may lead to CDN caching empty reply

Low severity GitHub Reviewed Published Oct 22, 2023 to the GitHub Advisory Database • Updated Oct 24, 2023

Related news

CVE-2023-46298: Missing cache control directive for server side props response when using middleware and prefetch · Issue #45301 · vercel/next.js

Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN.

12 months ago

#google #dos #nodejs #js #git #chrome

ghsa: Latest News

GHSA-pjwm-cr36-mwv3: ReDoS in giskard's transformation.py (GHSL-2024-324)

2 hours ago

GHSA-j3vq-pmp5-r5xj: Missing ratelimit on passwrod resets in zenml

6 hours ago

GHSA-j3px-q95c-9683: zlib-rs stack overflow during decompression with malicious input

7 hours ago

GHSA-p2h2-3vg9-4p87: Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer

7 hours ago

GHSA-hff8-hjwv-j9q7: Remote Code Execution on click of <a> Link in markdown preview

7 hours ago