[FALSE-POSITIVE] Next.js - Cache Poisoning - Headers #11473

Closed
@DShelef

Description

Template IDs or paths

- http/vulnerabilities/nextjs/nextjs-rsc-cache.yaml

Environment

Not relevant

Steps To Reproduce

Run nuclei -t http/vulnerabilities/nextjs/nextjs-rsc-cache.yaml -u <WEBAPP>

Relevant dumped responses

HTTP/1.1 200 OK
Connection: close
Content-Length: 2
Cache-Control: max-age=0, no-cache, no-store
Date: Mon, 09 Dec 2024 21:38:51 GMT
Expires: Mon, 09 Dec 2024 21:38:51 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; includeSubDomains;
X-Content-Type-Options: nosniff
X-Matched-Path: /
X-Middleware-Skip: 1

{}

Anything else?

The issue was reported by nuclei even though the webapp isn't vulnerable.

According to the reference in the template (link), "Since version 13.4.20-canary.13, Next.js has added cache-control to SSR responses to prevent them from being cached". As you can see in the dumped response above, the header cache-control was added, and even Pragma: no-cache was added. Neither of them is checked for in the template.

Couldn't see an open PR for that one or an open issue, so I opened this one. Checking for the existence of either of the headers would resolve the problem, I believe. Hope I haven't missed anything crucial.
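The header check proposed in this issue, sketched as a triage helper that decides whether a response's own headers allow a shared cache to reuse it. This is an added example, not part of the issue or the nuclei template; the function names and the trimmed `SAMPLE` response are constructed for illustration.

```python
import re

# Constructed sample: the response dumped in the issue, trimmed to the relevant headers.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Length: 2\r\n"
    "Cache-Control: max-age=0, no-cache, no-store\r\n"
    "Pragma: no-cache\r\n"
    "X-Matched-Path: /\r\n"
    "\r\n{}"
)
# Directives that stop a shared cache from reusing a response without revalidation.
BLOCKING = {"no-store", "no-cache", "private"}

def parse_headers(raw):
    """Return {lowercased name: [values]} from a raw HTTP/1.x response."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]
    headers = {}
    for line in re.split(r"\r?\n", head)[1:]:  # [1:] skips the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def cache_directives(headers):
    """Merge every Cache-Control line into {directive: value or None}."""
    out = {}
    for line in headers.get("cache-control", []):
        for item in line.split(","):
            key, _, val = item.strip().partition("=")
            if key:
                out[key.strip().lower()] = val.strip().strip('"') or None
    return out

def servable_from_shared_cache(raw):
    """False when the response's own headers forbid reuse, i.e. the finding should be dropped."""
    headers = parse_headers(raw)
    cc = cache_directives(headers)
    if BLOCKING.intersection(cc):
        return False
    ttl = cc.get("s-maxage") or cc.get("max-age")  # s-maxage wins for shared caches
    if ttl is not None and ttl.isdigit() and int(ttl) == 0:
        return False
    # Pragma is a legacy hint; consulted here only when Cache-Control is absent.
    if not cc and any("no-cache" in v.lower() for v in headers.get("pragma", [])):
        return False
    return True

if __name__ == "__main__":
    print("cacheable:", servable_from_shared_cache(SAMPLE))
```

Origin headers state intent only; a CDN configured to override them can still cache the response, so confirm against the cache's own behaviour before closing a finding.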

Labels

Done (Ready to merge), false-positive (Nuclei template reporting invalid/unexpected result)
