← volver
CVE-2025-67490

Auth0 Next.js SDK has Improper Request Caching Lookup

CVSS 5.4 MEDIUMEPSS 0.2%CWE-863
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Productos afectados
auth0 · nextjs-auth0

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0bhttps://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7