CVE-2021-43812: Security Update for Next.js Auth0 Library

Overview
Am I affected?
How to fix that?
Will this update impact my users?

Published: December 16, 2021 CVE number: CVE-2021-43812

Overview

Versions <=1.6.1 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability.

Am I affected?

You are affected by this vulnerability if you are using @auth0/nextjs-auth0 version <=1.6.1.

How to fix that?

Upgrade to version >=1.6.2

Will this update impact my users?

The fix provided in patch will not affect your users.

CVE-2022-24794: Security Update for Express OpenID Connect Library

CVE-2021-41246: Security Update for Express OpenID Connect Library

⌘I

Protect Your Application

Call APIs On User's Behalf

Protect Your Tenant

Compliance

CVE-2021-43812: Security Update for Next.js Auth0 Library

Overview

Am I affected?

How to fix that?

Will this update impact my users?

Protect Your Application

Call APIs On User's Behalf

Protect Your Tenant

Compliance

Documentation Index

​Overview

​Am I affected?

​How to fix that?

​Will this update impact my users?

Overview

Am I affected?

How to fix that?

Will this update impact my users?