Template IDs or paths
- http/vulnerabilities/nextjs/nextjs-rsc-cache.yaml

Steps To Reproduce
Run nuclei -t http/vulnerabilities/nextjs/nextjs-rsc-cache.yaml -u <WEBAPP>

Relevant dumped responses
HTTP/1.1 200 OK
Connection: close
Content-Length: 2
Cache-Control: max-age=0, no-cache, no-store
Date: Mon, 09 Dec 2024 21:38:51 GMT
Expires: Mon, 09 Dec 2024 21:38:51 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; includeSubDomains;
X-Content-Type-Options: nosniff
X-Matched-Path: /
X-Middleware-Skip: 1
{}
Anything else?
The issue was reported by nuclei even though the webapp isn't vulnerable.
According to the reference in the template (link): "Since version 13.4.20-canary.13, Next.js has added cache-control to SSR responses to prevent them from being cached". As you can see in the dumped response above, the Cache-Control header was added and even Pragma: no-cache was added. Neither of them is checked for in the template.
I couldn't see an open PR or an open issue for that one, so I opened this one. Checking for either header's existence would resolve the problem, I believe. Hope I haven't missed anything crucial.
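One way to express the fix the report asks for, as an added illustration that is not code from nextjs-rsc-cache.yaml or from the nuclei-templates project: the template's own request block and positive matchers are not reproduced here (they are assumed to stay as they are in the real file), and only an extra negative word matcher is shown. It deliberately checks header values rather than bare header presence, because a response carrying Cache-Control: public, s-maxage=3600 also "has" a Cache-Control header yet remains cacheable; the no-store / Pragma: no-cache directives that Next.js emits are what actually prevent caching.

```yaml
# Hypothetical fragment, not the real nextjs-rsc-cache.yaml. It assumes the
# template already defines its request and its existing positive matchers;
# this matcher is added alongside them, and matchers-condition: and makes
# every matcher (including this one) required for a finding.
matchers-condition: and
matchers:
  # ... the template's existing matchers go here (not shown) ...

  # Negative matcher: with condition "or" the matcher would pass if any of the
  # strings appears in the response headers; negative: true flips that, so it
  # passes only when NONE of the no-cache directives are present.
  - type: word
    part: header
    negative: true
    case-insensitive: true
    condition: or
    words:
      - "no-store"
      - "Pragma: no-cache"
```

With this in place, the response dumped above (Cache-Control: max-age=0, no-cache, no-store plus Pragma: no-cache) fails the negative matcher and the template no longer reports it. Run nuclei -validate -t <template file> after editing to catch YAML or matcher syntax mistakes before opening a PR.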