5 matches found
CVE-2021-32702
The CVE-2021-32702 entry concerns the Auth0 Next.js SDK (@auth0/nextjs-auth0). Affected versions are 1.4.1 and earlier, vulnerable to reflected XSS via an error query parameter processed by the callback handler. The exploit is a reflected XSS that can execute arbitrary code when the error message...
CVE-2021-43812
CVE-2021-43812 affects the Auth0 Next.js SDK. Affected: nextjs-auth0 library versions prior to 1.6.2. Issue: login URL returnTo parameter values are not filtered, allowing an open redirect. Impact: open redirect vulnerability in applications using vulnerable versions. Mitigation: upgrade to versi...
CVE-2025-67716
CVE-2025-67716 affects the Auth0/nextjs-auth0 SDK. Versions 4.9.0–4.12.1 contain an input-validation flaw in the returnTo parameter that can inject unintended OAuth query parameters into the authorization request, potentially causing tokens to be issued with unintended parameters. Remediation: up...
CVE-2026-40155
The CVE concerns the Auth0 Next.js SDK. Affected versions: 4.12.0–4.17.1. Issue: when multiple simultaneous requests trigger a nonce retry, the proxy cache fetcher may perform improper lookups for token request results. Impact: affects projects using both the vulnerable SDK versions and the proxy...
CVE-2025-67490
CVE-2025-67490 affects the Auth0 Next.js SDK (auth0/nextjs-auth0). Versions 4.11.0–4.11.2 and 4.12.0 may cause simultaneous requests on the same client to produce improper lookups in the TokenRequestCache. The issue is fixed in versions 4.11.2 and 4.12.1. If you rely on this SDK, upgrade to 4.11....