← voltar
CVE-2025-67490

Auth0 Next.js SDK has Improper Request Caching Lookup

CVSS 5.4 MEDIUMEPSS 0.2%CWE-863
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. When using versions 4.11.0 through 4.11.2 and 4.12.0, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results. This issue is fixed in versions 4.11.2 and 4.12.1.
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Produtos afetados
auth0 · nextjs-auth0

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0bhttps://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7