A high-severity vulnerability, CVE-2024-46982, affects Next.js versions 13.5.1 to 14.2.9. By sending a crafted HTTP request, an attacker can poison the cache of non-dynamic server-side rendered routes in the pages router; the app router is not affected. To fix the issue, upgrade Next.js to version 13.5.7, 14.2.10, or later. For more details, see https://avd.aquasec.com/nvd/2024/cve-2024-46982.
Next.js: Cache Poisoning Vulnerability in Non-Dynamic Server-Side Rendered Routes
by the Hossted team
23.09.2024
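To find installs that still need the upgrade described above, the following added example (not code from Hossted or the Next.js project) scans an npm lockfile for every copy of `next`, including nested ones, and flags versions in the affected range. It assumes the range splits into 13.5.1 up to 13.5.7 and 14.0.0 up to 14.2.10; the function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges as this example reads the advisory (an assumption):
// 13.5.1 up to but excluding 13.5.7, and 14.0.0 up to but excluding 14.2.10.
const AFFECTED = [
  { from: [13, 5, 1], fixed: [13, 5, 7] },
  { from: [14, 0, 0], fixed: [14, 2, 10] },
];

// Parse "major.minor.patch". Prerelease/build suffixes are ignored,
// so canary builds should be reviewed by hand.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false; // unparseable version: review by hand
  return AFFECTED.some(r => compare(v, r.from) >= 0 && compare(v, r.fixed) < 0);
}

// Walk an npm lockfile (lockfileVersion 2 or 3) and report every installed
// copy of "next", including copies nested under other packages.
function findAffectedNext(lockfileText) {
  const lock = JSON.parse(lockfileText);
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/next" || path.endsWith("/node_modules/next")) {
      if (isAffected(meta.version)) hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile, not taken from any real project.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo" },
    "node_modules/next": { version: "14.2.10" },
    "node_modules/legacy-ui/node_modules/next": { version: "13.5.4" },
    "node_modules/next-auth": { version: "4.24.7" },
  },
});

console.log(findAffectedNext(SAMPLE_LOCK));
```

A version match only shows that the package is in range; whether the application uses the pages router still has to be checked in the project itself.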