
GHSA-wcgj-f865-c7j7

Published: 10 Dec 2025
Source: github
GitHub: Reviewed
CVSS3: 5.4

Description

Improper Request Caching Lookup in the Auth0 Next.js SDK

Description

When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results.

Am I Affected?

You are affected if you meet the following preconditions:

  • Applications using the auth0/nextjs-auth0 SDK with a singleton client instance, versions 4.11.0, 4.11.1, and 4.12.0.

Affected product and versions

Auth0/nextjs-auth0 v4.11.0, v4.11.1, and v4.12.0.

Resolution

Upgrade Auth0/nextjs-auth0 to v4.11.2 or v4.12.1.
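
A lockfile check for the affected ranges listed in this advisory, as an added example that is not part of the advisory or the SDK. The names `scanLock` and `isAffected` and the sample lockfile are constructed for illustration, and the code assumes an npm `package-lock.json` in the v2/v3 format. It checks installed versions only, not whether the application uses a singleton client instance.

```javascript
// Added example: flag installed copies of @auth0/nextjs-auth0 that fall in
// the ranges this advisory lists (>= 4.11.0 < 4.11.2, >= 4.12.0 < 4.12.1).
const PKG = "@auth0/nextjs-auth0";
const AFFECTED = [
  { from: [4, 11, 0], fixed: [4, 11, 2] },
  { from: [4, 12, 0], fixed: [4, 12, 1] },
];

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]"; null if not an exact version.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+[0-9A-Za-z.-]+)?$/.exec(String(v).trim());
  return m ? { core: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) } : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

// true/false for exact versions; null for anything unparseable (tags, ranges)
// so the caller can review those entries by hand.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;
  return AFFECTED.some(({ from, fixed }) => {
    const lo = cmp(p.core, from), hi = cmp(p.core, fixed);
    // Semver ordering: a prerelease sorts before the release with the same core.
    const atOrAboveFrom = lo > 0 || (lo === 0 && !p.pre);
    const belowFixed = hi < 0 || (hi === 0 && p.pre);
    return atOrAboveFrom && belowFixed;
  });
}

// Scan the "packages" map of a parsed package-lock.json (v2/v3), including
// nested copies pulled in by other dependencies.
function scanLock(lock) {
  return Object.entries(lock.packages || {})
    .filter(([path]) => path.endsWith("node_modules/" + PKG))
    .map(([path, meta]) => ({ path, version: meta.version, affected: isAffected(meta.version) }));
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "demo-app" },
  "node_modules/@auth0/nextjs-auth0": { version: "4.12.0" },
  "node_modules/widget/node_modules/@auth0/nextjs-auth0": { version: "4.11.2" },
} };
console.log(scanLock(SAMPLE_LOCK));
```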

Acknowledgements

Okta would like to thank Joshua Rogers (MegaManSec) for their discovery and responsible disclosure.

Packages

Name: @auth0/nextjs-auth0 (npm)
Affected versions: >= 4.11.0, < 4.11.2
Fixed version: 4.11.2

Name: @auth0/nextjs-auth0 (npm)
Affected versions: >= 4.12.0, < 4.12.1
Fixed version: 4.12.1

EPSS: 0.00058 (Low)
Percentile: 18%

CVSS3: 5.4 Medium

Weaknesses

CWE-863

Related vulnerabilities

CVSS3: 5.4
Source: nvd
2 months ago

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
