32 matches found
EUVD-2026-23537
Auth0 Next.js SDK has Improper Proxy Cache Lookup...
Auth0 Next.js SDK has Improper Proxy Cache Lookup
Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...
GHSA-XQ8M-7C5P-C2R6 Auth0 Next.js SDK has Improper Proxy Cache Lookup
Description In affected versions of the Next.js SDK, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Which Projects are Affected? Users are affected if they meet all of the following preconditions: -...
CVE-2026-40155
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
Incorrect Authorization
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization in the proxy cache fetcher. An attacker can gain unauthorized access to sensitive information or perform actions with insufficient authorization by...
CVE-2026-40155
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
CVE-2026-40155
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
CVE-2026-40155 Auth0 Next.js SDK has Improper Proxy Cache Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if...
CVE-2026-40155
The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...
OAuth Parameter Injection
Auth0 Next.js is vulnerable to OAuth Parameter Injection. The vulnerability is due to insufficient validation of the returnTo parameter, where attacker-controlled input can inject unintended OAuth query parameters into the authorization request, potentially resulting in tokens being issued with...
CVE-2025-67716
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
CVE-2025-67716
CVE-2025-67716 affects the Auth0/nextjs-auth0 SDK. Versions 4.9.0–4.12.1 contain an input-validation flaw in the returnTo parameter that can inject unintended OAuth query parameters into the authorization request, potentially causing tokens to be issued with unintended parameters. Remediation: up...
PT-2025-50563
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
CVE-2025-67490 Auth0 Next.js SDK has Improper Request Caching Lookup
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...
Incomplete List of Disallowed Inputs
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via improper validation of the returnTo parameter. An attacker can cause tokens to be issued with unintended parameters by injecting...
GHSA-WCGJ-F865-C7J7 Improper Request Caching Lookup in the Auth0 Next.js SDK
Description When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. Am I Affected? You are affected if you meet the following preconditions: - Applications using the auth0/nextjs-aut...
Incorrect Authorization
Overview @auth0/nextjs-auth0 is a Next.js SDK for signing in with Auth0 Affected versions of this package are vulnerable to Incorrect Authorization via improper lookups in TokenRequestCache. An attacker can access sensitive information belonging to other users by making simultaneous requests on t...
PT-2025-50552
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in...