21 matches found
CVE-2025-64762
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762
Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...
authkit-nextjs may let session cookies be cached in CDNs
In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...
EUVD-2025-16914
Malicious code in bioql PyPI...
EUVD-2023-2714
Malicious code in bioql PyPI...
Better Call routing bug can lead to Cache Deception
Summary Using a CDN that caches //.png, //.json, //.css, etc... requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users. Details The vulnerability occurs in the request processing logic where...
PT-2025-30365 · Npm · Better-Call
Summary Using a CDN that caches //.png, //.json, //.css, etc... requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users. Details The vulnerability occurs in the request processing logic where...
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
GHSA-F3FG-MF2Q-FJ3F NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
CVE-2025-48947
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
CVE-2025-48947
The CVE describes a vulnerability in the Auth0 Next.js SDK (auth0/nextjs-auth0) affecting versions 4.0.1–4.6.0 where __session cookies set by auth0.middleware can be cached by CDNs due to missing Cache-Control headers. Preconditions require: (1) use of the NextJS-Auth0 SDK, (2) CDN/edge caching o...
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
GHSA-C59H-R6P8-Q9WC Next.js missing cache-control header may lead to CDN caching empty reply
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...
Next.js missing cache-control header may lead to CDN caching empty reply
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN. Cloudflare considers these requests cacheable assets...
Design/Logic Flaw
Next.js before 13.4.20-canary.13 lacks a cache-control header and thus empty prefetch responses may sometimes be cached by a CDN, causing a denial of service to all users requesting the same URL via that CDN...
CVE-2023-46298
CVE-2023-46298 affects Next.js (pre-13.4.20-canary.13) where a missing cache-control header can allow empty prefetch responses to be cached by a CDN, enabling a denial of service for users accessing the same URL through that CDN. The available documents identify the affected product and the root ...
Apache Traffic Control Access Control Error Vulnerability
Apache Traffic Control is the United States Apache Apache Foundation's set of distributed , scalable content delivery solutions. The product is mainly used to build large-scale content delivery network. A security vulnerability exists in Apache Traffic Control 3.0.0 to 3.1.0 and 4.0.0 to 4.1.0,...
Radancy: 'X-Forwarded-Host' key used in input without sanitation - possible cache poisoning
Domain and URL: maximum.nl Summary: The HTTP 'X-Forwarded-Host' is dynamically used in the application without sanitization, allowing an attacker control of the input key. This can allow for self-XSS, or when a CDN or caching service is deployed, risk the CDN caching the request and serving the...
CDN caching can lead to leak of user information - CVE-2019-14997
The AccessLogFilter class in Jira before version 8.4.0 allows remote anonymous attackers to learn details about other users, including their username, via an information expose through caching vulnerability when Jira is configured with a reverse Proxy and or a load balancer with caching or a CDN...