Vulnerabilities > CVE-2021-43812 - Unspecified vulnerability in Auth0 Nextjs-Auth0
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
NONE Summary
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
Vulnerable Configurations
References
- https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6
- https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6
- https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp
- https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp