漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Auth0 Next.js SDK has Improper Proxy Cache Lookup
Vulnerability Description
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the proxy cache fetcher to perform improper lookups for the token request results. Users are affected if their project uses both the vulnerable versions and the proxy handler /me/* and /my-org/* with DPoP enabled. This issue has been fixed in version 4.18.0.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
授权机制不正确
Vulnerability Title
nextjs-auth0 安全漏洞
Vulnerability Description
nextjs-auth0是Auth0开源的一个Next.js SDK,用于使用Auth0登录。 nextjs-auth0 4.12.0至4.17.1版本存在安全漏洞,该漏洞源于同时触发随机数重试的请求可能导致代理缓存获取器对令牌请求结果执行不当查找。
CVSS Information
N/A
Vulnerability Type
N/A