CVE-2025-67716

Published: 11 Dec 2025
Source: nvd
CVSS3: 5.7
EPSS: Low

Description

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0.

EPSS

Percentile: 17%
0.00054
Low

5.7 Medium

CVSS3

Weaknesses

CWE-184

Related vulnerabilities

CVSS3: 3.7
github
about 2 months ago

Improper Validation of Query Parameters in Auth0 Next.js SDK
