Count: 2
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-67716: The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions 4.9.0 through 4.12.1 contain an input-validation flaw in the returnTo parameter, which could allow attackers to inject unintended OAuth query parameters into the Auth0 authorization request. Successful exploitation may result in tokens being issued with unintended parameters. This issue is fixed in version 4.13.0. | CVSS3: 5.7 | 0% (Low) | about 2 months ago |
| GHSA-mr6f-h57v-rpj5: Improper Validation of Query Parameters in Auth0 Next.js SDK | CVSS3: 3.7 | 0% (Low) | 2 months ago |