Lucene search
K
Auth0Nextjs-auth0

5 matches found

CVE
CVE
added 2021/06/25 4:25 p.m.94 views

CVE-2021-32702

The CVE-2021-32702 entry concerns the Auth0 Next.js SDK (@auth0/nextjs-auth0). Affected versions are 1.4.1 and earlier, vulnerable to reflected XSS via an error query parameter processed by the callback handler. The exploit is a reflected XSS that can execute arbitrary code when the error message...

8CVSS6.8AI score0.01403EPSS
CVE
CVE
added 2021/12/16 6:20 p.m.62 views

CVE-2021-43812

CVE-2021-43812 affects the Auth0 Next.js SDK. Affected: nextjs-auth0 library versions prior to 1.6.2. Issue: login URL returnTo parameter values are not filtered, allowing an open redirect. Impact: open redirect vulnerability in applications using vulnerable versions. Mitigation: upgrade to versi...

6.4CVSS6.2AI score0.00656EPSS
CVE
CVE
added 2025/12/11 12:21 a.m.24 views

CVE-2025-67716

CVE-2025-67716 affects the Auth0/nextjs-auth0 SDK. Versions 4.9.0–4.12.1 contain an input-validation flaw in the returnTo parameter that can inject unintended OAuth query parameters into the authorization request, potentially causing tokens to be issued with unintended parameters. Remediation: up...

5.7CVSS6.4AI score0.0023EPSS
CVE
CVE
added 2026/04/17 8:54 p.m.18 views

CVE-2026-40155

The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...

5.4CVSS5.7AI score0.00214EPSS
CVE
CVE
added 2025/12/10 10:16 p.m.13 views

CVE-2025-67490

CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....

5.4CVSS6.5AI score0.00178EPSS