Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
Vulnerability Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, `__session` cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for someone to be affected by the vulnerability: Applications using the NextJS-Auth0 SDK, versions between 4.0.1 to 4.6.0, applications using CDN or edge caching that caches responses with the Set-Cookie header, and if the Cache-Control header is not properly set for sensitive responses. Users should upgrade auth0/nextjs-auth0 to v4.6.1 to receive a patch.
CVSS Information
N/A
Vulnerability Type
通过浏览器缓存导致的信息暴露
Vulnerability Title
nextjs-auth0 安全漏洞
Vulnerability Description
nextjs-auth0是Auth0开源的一个Next.js SDK,用于使用Auth0登录。 nextjs-auth0 4.0.1至4.6.0及之前版本存在安全漏洞,该漏洞源于缺少Cache-Control标头,可能导致会话cookie被CDN缓存。
CVSS Information
N/A
Vulnerability Type
N/A