A low severity cache poisoning vulnerability was discovered in Next.js. This affects versions as a bypass of the previous . The issue happens when an attacker exploits a race condition between two requests — one containing the query parameter and another with the header.>14.2.24?__nextDataRequest=1x-now-route-matches through 14.2.24 through <15.1.6 Stripping the header from all incoming requests at your CDNx-now-route-matches Setting for all responses under riskcache-control: no-store