16 matches found
nextjs-auth0 security vulnerability
nextjs-auth0 is an open-source Next.js SDK developed by Auth0, used for authentication with Auth0. Versions 4.12.0 to 4.17.1 of nextjs-auth0 contain security vulnerabilities. These vulnerabilities stem from requests that trigger random number retries, which may lead to improper handling of token...
nextjs-auth0 security vulnerability
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.9.0 through 4.12.1, which stems from insufficient validation of the returnTo parameter input and could lead to OAuth query parameter injection...
nextjs-auth0 security vulnerability
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.11.0 through 4.11.2 and 4.12.0, which stems from the fact that simultaneous requests on the same client may result in improper lookups in TokenRequestCache...
EUVD-2025-113644
Malicious code in figures-fusion-nextjs-auth0 npm...
EUVD-2025-16914
Malicious code in bioql PyPI...
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
GHSA-F3FG-MF2Q-FJ3F NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Overview In Auth0 Next.js SDK versions 4.0.1 to 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Am I Affected? You are affected by this vulnerability if you meet the following preconditions: 1. Applications using the NextJS-Auth0 SDK,...
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
nextjs-auth0 security vulnerability
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A security vulnerability exists in nextjs-auth0 versions 4.0.1 through 4.6.0 and earlier, which stems from a missing Cache-Control header that could result in session cookies being cached by a CDN...
nextjs-auth0 code issue vulnerability
nextjs-auth0 is an Auth0 open source Next.js SDK for logging in using Auth0. A code issue vulnerability exists in versions of nextjs-auth0 prior to 4.0.1 through 4.5.1, which stems from not setting an expiration time when generating JWE tokens...
@perimetre/nextjs-auth (>=0.1.0 <=0.2.1), @zagrajmy/app (>=0.0.1 <=0.1.0-alpha.0) potentially affected by CVE-2021-43812 via @auth0/nextjs-auth0 (>=0.11.0 <=0.16.1)
@auth0/nextjs-auth0 NPM version =0.11.0, =0.1.0, =0.0.1, =0.1.0-alpha.0 Source cves: CVE-2021-43812 Source advisory: OSV:GHSA-2MQV-4J3R-VJVP...
GHSA-2MQV-4J3R-VJVP Open redirect in @auth0/nextjs-auth0
Overview Versions =1.6.2 Will this update impact my users? The fix provided in the patch will not affect your users...
Reflected XSS from the callback handler's error query parameter
Overview @auth0/nextjs-auth0 versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message. Am I affected? You are...
Cross site scripting
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
CVE-2021-32702 Reflected XSS from the callback handler's error query parameter
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the...
Cross-site Scripting
nextjs-auth0 lacks HTML escaping for error messages...