Overview
Versions <=1.6.1 do not filter out certain returnTo parameter values from the login URL, which exposes the application to an open redirect vulnerability: an attacker can craft a login link whose returnTo points to a site they control, and a user who logs in through that link is redirected off the application once authentication completes.
Am I affected?
You are affected by this vulnerability if you are using @auth0/nextjs-auth0 version <=1.6.1.
How to fix that?
Upgrade to version >=1.6.2.
Will this update impact my users?
The fix provided in the patch will not affect your users.