Summary
A vulnerability affecting Next.js has been addressed. It impacted versions
>=15.1.0 <15.1.8 and involved a cache poisoning bug leading to a Denial of Service (DoS) condition.Impact
This issue does not impact customers hosted on Vercel.
Under certain conditions, this issue may allow a HTTP 204 response to be cached for static pages, leading to the 204 response being served to all users attempting to access the page.
This issue required the below conditions to be exploitable:
Using an affected version of Next.js, and;
A route using cache revalidation with ISR (next startor standalone mode); and
A route using SSR, with a CDN configured to cache 204 responses.
Resolution
The issue was resolved by removing the problematic code path that would have caused the 204 response to be set. Additionally, we removed the race condition that could have led to this cache poisoning by no longer relying on a shared response object to populate the Next.js response cache.
Credit
Thanks to Allam Rachid (zhero) and Allam Yasser (inzo_) for responsible disclosure.
References
Read more
Continue reading...