{"id":"CVE-2024-46982","summary":"Cache Poisoning in Next.js","details":"Next.js is a React framework for building full-stack web applications. By sending a crafted HTTP request, it is possible to poison the cache of a non-dynamic server-side rendered route in the pages router (this does not affect the app router). When this crafted request is sent, it could coerce Next.js to cache a route that is not meant to be cached and to send a `Cache-Control: s-maxage=1, stale-while-revalidate` header, which some upstream CDNs may cache as well. To be potentially affected, all of the following must apply: 1. Next.js between 13.5.1 and 14.2.9, 2. Using pages router, and 3. Using non-dynamic server-side rendered routes, e.g. `pages/dashboard.tsx`, not `pages/blog/[slug].tsx`. This vulnerability was resolved in Next.js v13.5.7, v14.2.10, and later. We recommend upgrading regardless of whether you can reproduce the issue or not. There are no official or recommended workarounds for this issue; we recommend that users patch to a safe 
version.","aliases":["GHSA-gp8f-8m3g-qvj9"],"modified":"2026-04-15T04:47:05.205152Z","published":"2024-09-17T21:55:04.312Z","related":["CGA-gc23-jp54-8cg6"],"database_specific":{"cwe_ids":["CWE-639"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46982.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/46xxx/CVE-2024-46982.json"},{"type":"ADVISORY","url":"https://github.com/vercel/next.js/security/advisories/GHSA-gp8f-8m3g-qvj9"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-46982"},{"type":"FIX","url":"https://github.com/vercel/next.js/commit/7ed7f125e07ef0517a331009ed7e32691ba403d3"},{"type":"FIX","url":"https://github.com/vercel/next.js/commit/bd164d53af259c05f1ab434004bcfdd3837d7cda"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/vercel/next.js","events":[{"introduced":"b546d8b22c0f0749022cd84c22e67ec3628eb027"},{"fixed":"937651fede26a1cdd8a83aa4636719e466fa7f20"}]}],"versions":["v14.0.0","v14.0.1","v14.0.1-canary.0","v14.0.1-canary.1","v14.0.1-canary.2","v14.0.1-canary.3","v14.0.1-canary.4","v14.0.1-canary.5","v14.0.2","v14.0.2-canary.0","v14.0.2-canary.1","v14.0.2-canary.10","v14.0.2-canary.11","v14.0.2-canary.12","v14.0.2-canary.13","v14.0.2-canary.14","v14.0.2-canary.15","v14.0.2-canary.16","v14.0.2-canary.17","v14.0.2-canary.18","v14.0.2-canary.19","v14.0.2-canary.2","v14.0.2-canary.20","v14.0.2-canary.21","v14.0.2-canary.22","v14.0.2-canary.23","v14.0.2-canary.24","v14.0.2-canary.25","v14.0.2-canary.26","v14.0.2-canary.27","v14.0.2-canary.3","v14.0.2-canary.4","v14.0.2-canary.5","v14.0.2-canary.6","v14.0.2-canary.7","v14.0.2-canary.8","v14.0.2-canary.9","v14.0.3","v14.0.3-canary.0","v14.0.3-canary.1","v14.0.3-canary.10","v14.0.3-canary.11","v14.0.3-canary.12","v14.0.3-canary.2","v14.0.3-canary.3","v14.0.3-canary.4","v14.0.3-canary.5","v14.0.3-canary.6","v14.0.3-canary.7","v14.0.3-canary
.8","v14.0.3-canary.9","v14.0.4","v14.0.4-canary.0","v14.0.4-canary.1","v14.0.4-canary.10","v14.0.4-canary.11","v14.0.4-canary.12","v14.0.4-canary.13","v14.0.4-canary.14","v14.0.4-canary.15","v14.0.4-canary.16","v14.0.4-canary.17","v14.0.4-canary.18","v14.0.4-canary.19","v14.0.4-canary.2","v14.0.4-canary.20","v14.0.4-canary.21","v14.0.4-canary.22","v14.0.4-canary.23","v14.0.4-canary.24","v14.0.4-canary.25","v14.0.4-canary.26","v14.0.4-canary.27","v14.0.4-canary.28","v14.0.4-canary.29","v14.0.4-canary.3","v14.0.4-canary.30","v14.0.4-canary.31","v14.0.4-canary.32","v14.0.4-canary.33","v14.0.4-canary.34","v14.0.4-canary.35","v14.0.4-canary.36","v14.0.4-canary.37","v14.0.4-canary.38","v14.0.4-canary.39","v14.0.4-canary.4","v14.0.4-canary.40","v14.0.4-canary.41","v14.0.4-canary.42","v14.0.4-canary.43","v14.0.4-canary.44","v14.0.4-canary.45","v14.0.4-canary.46","v14.0.4-canary.47","v14.0.4-canary.48","v14.0.4-canary.49","v14.0.4-canary.5","v14.0.4-canary.6","v14.0.4-canary.7","v14.0.4-canary.8","v14.0.4-canary.9","v14.0.5-canary.0","v14.0.5-canary.1","v14.0.5-canary.10","v14.0.5-canary.11","v14.0.5-canary.12","v14.0.5-canary.13","v14.0.5-canary.14","v14.0.5-canary.15","v14.0.5-canary.16","v14.0.5-canary.17","v14.0.5-canary.18","v14.0.5-canary.19","v14.0.5-canary.2","v14.0.5-canary.20","v14.0.5-canary.21","v14.0.5-canary.22","v14.0.5-canary.23","v14.0.5-canary.24","v14.0.5-canary.25","v14.0.5-canary.26","v14.0.5-canary.27","v14.0.5-canary.28","v14.0.5-canary.29","v14.0.5-canary.3","v14.0.5-canary.30","v14.0.5-canary.31","v14.0.5-canary.32","v14.0.5-canary.33","v14.0.5-canary.34","v14.0.5-canary.35","v14.0.5-canary.36","v14.0.5-canary.37","v14.0.5-canary.38","v14.0.5-canary.39","v14.0.5-canary.4","v14.0.5-canary.40","v14.0.5-canary.41","v14.0.5-canary.42","v14.0.5-canary.43","v14.0.5-canary.44","v14.0.5-canary.45","v14.0.5-canary.46","v14.0.5-canary.47","v14.0.5-canary.48","v14.0.5-canary.49","v14.0.5-canary.5","v14.0.5-canary.50","v14.0.5-canary.51","v14.0.5-canary.52","v1
4.0.5-canary.53","v14.0.5-canary.54","v14.0.5-canary.55","v14.0.5-canary.56","v14.0.5-canary.57","v14.0.5-canary.58","v14.0.5-canary.59","v14.0.5-canary.6","v14.0.5-canary.60","v14.0.5-canary.61","v14.0.5-canary.62","v14.0.5-canary.63","v14.0.5-canary.64","v14.0.5-canary.65","v14.0.5-canary.66","v14.0.5-canary.67","v14.0.5-canary.68","v14.0.5-canary.7","v14.0.5-canary.8","v14.0.5-canary.9","v14.1.0","v14.1.1-canary.0","v14.1.1-canary.1","v14.1.1-canary.10","v14.1.1-canary.11","v14.1.1-canary.12","v14.1.1-canary.13","v14.1.1-canary.14","v14.1.1-canary.15","v14.1.1-canary.16","v14.1.1-canary.17","v14.1.1-canary.18","v14.1.1-canary.19","v14.1.1-canary.2","v14.1.1-canary.20","v14.1.1-canary.21","v14.1.1-canary.22","v14.1.1-canary.23","v14.1.1-canary.24","v14.1.1-canary.25","v14.1.1-canary.26","v14.1.1-canary.27","v14.1.1-canary.28","v14.1.1-canary.29","v14.1.1-canary.3","v14.1.1-canary.30","v14.1.1-canary.31","v14.1.1-canary.32","v14.1.1-canary.33","v14.1.1-canary.34","v14.1.1-canary.35","v14.1.1-canary.36","v14.1.1-canary.37","v14.1.1-canary.38","v14.1.1-canary.39","v14.1.1-canary.4","v14.1.1-canary.40","v14.1.1-canary.41","v14.1.1-canary.42","v14.1.1-canary.43","v14.1.1-canary.44","v14.1.1-canary.46","v14.1.1-canary.47","v14.1.1-canary.48","v14.1.1-canary.49","v14.1.1-canary.5","v14.1.1-canary.50","v14.1.1-canary.51","v14.1.1-canary.52","v14.1.1-canary.53","v14.1.1-canary.54","v14.1.1-canary.55","v14.1.1-canary.56","v14.1.1-canary.57","v14.1.1-canary.58","v14.1.1-canary.59","v14.1.1-canary.6","v14.1.1-canary.60","v14.1.1-canary.61","v14.1.1-canary.62","v14.1.1-canary.63","v14.1.1-canary.64","v14.1.1-canary.65","v14.1.1-canary.66","v14.1.1-canary.67","v14.1.1-canary.68","v14.1.1-canary.69","v14.1.1-canary.7","v14.1.1-canary.70","v14.1.1-canary.71","v14.1.1-canary.72","v14.1.1-canary.73","v14.1.1-canary.74","v14.1.1-canary.75","v14.1.1-canary.76","v14.1.1-canary.77","v14.1.1-canary.78","v14.1.1-canary.79","v14.1.1-canary.8","v14.1.1-canary.80","v14.1.1-canary.81","v14.1
.1-canary.82","v14.1.1-canary.9","v14.1.2-canary.0","v14.1.2-canary.1","v14.1.2-canary.2","v14.1.2-canary.3","v14.1.2-canary.4","v14.1.2-canary.5","v14.1.2-canary.6","v14.1.2-canary.7","v14.2.0","v14.2.0-canary.0","v14.2.0-canary.1","v14.2.0-canary.10","v14.2.0-canary.11","v14.2.0-canary.12","v14.2.0-canary.13","v14.2.0-canary.14","v14.2.0-canary.15","v14.2.0-canary.16","v14.2.0-canary.17","v14.2.0-canary.18","v14.2.0-canary.19","v14.2.0-canary.2","v14.2.0-canary.20","v14.2.0-canary.21","v14.2.0-canary.22","v14.2.0-canary.23","v14.2.0-canary.24","v14.2.0-canary.25","v14.2.0-canary.26","v14.2.0-canary.27","v14.2.0-canary.28","v14.2.0-canary.29","v14.2.0-canary.3","v14.2.0-canary.30","v14.2.0-canary.31","v14.2.0-canary.32","v14.2.0-canary.33","v14.2.0-canary.34","v14.2.0-canary.35","v14.2.0-canary.36","v14.2.0-canary.37","v14.2.0-canary.38","v14.2.0-canary.39","v14.2.0-canary.4","v14.2.0-canary.40","v14.2.0-canary.41","v14.2.0-canary.42","v14.2.0-canary.43","v14.2.0-canary.44","v14.2.0-canary.45","v14.2.0-canary.46","v14.2.0-canary.47","v14.2.0-canary.48","v14.2.0-canary.49","v14.2.0-canary.5","v14.2.0-canary.50","v14.2.0-canary.51","v14.2.0-canary.52","v14.2.0-canary.53","v14.2.0-canary.54","v14.2.0-canary.55","v14.2.0-canary.56","v14.2.0-canary.57","v14.2.0-canary.58","v14.2.0-canary.59","v14.2.0-canary.6","v14.2.0-canary.60","v14.2.0-canary.61","v14.2.0-canary.62","v14.2.0-canary.63","v14.2.0-canary.64","v14.2.0-canary.65","v14.2.0-canary.66","v14.2.0-canary.67","v14.2.0-canary.7","v14.2.0-canary.8","v14.2.0-canary.9","v14.2.1","v14.2.2","v14.2.3","v14.2.4","v14.2.5","v14.2.6","v14.2.7","v14.2.8","v14.2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-46982.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}