Nextjs Auth0
Monthly
Authentication bypass in Auth0 Next.js SDK versions 4.12.0 through 4.17.1 allows authenticated users with UI interaction to access sensitive endpoints through improper proxy cache lookups during concurrent nonce retry operations. The vulnerability specifically affects deployments using the proxy handler with DPoP (Demonstration of Proof-of-Possession) enabled, potentially exposing confidential user information via /me/* and /my-org/* endpoints. Vendor-released patch: version 4.18.0.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Authentication bypass in Auth0 Next.js SDK versions 4.12.0 through 4.17.1 allows authenticated users with UI interaction to access sensitive endpoints through improper proxy cache lookups during concurrent nonce retry operations. The vulnerability specifically affects deployments using the proxy handler with DPoP (Demonstration of Proof-of-Possession) enabled, potentially exposing confidential user information via /me/* and /my-org/* endpoints. Vendor-released patch: version 4.18.0.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.