CNNVD-202512-1764 Information

CNNVD ID

CNNVD-202512-1764

CVE-2025-67490

  • CNNVD Published: 2025-12-10

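Description (translated from Chinese)

nextjs-auth0 is an open-source Next.js SDK from Auth0 for signing in with Auth0. nextjs-auth0 versions 4.11.0 through 4.11.2 and version 4.12.0 contain a security vulnerability, caused by simultaneous requests on the same client potentially resulting in improper lookups in TokenRequestCache.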

Description (English)

nextjs-auth0 is Auth0's open-source Next.js SDK, used for logging in with Auth0. Versions 4.11.0 to 4.11.2 and 4.12.0 of nextjs-auth0 contain a security vulnerability: simultaneous requests on the same client could lead to an improper lookup in TokenRequestCache.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Auth0

Published

2025-12-10

Last Modified

2026-02-24

References

https://github.com/auth0/nextjs-auth0/commit/26cc8a7c60f4b134700912736f991a25bd6bbf0b
https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-wcgj-f865-c7j7

Patch

https://github.com/auth0/nextjs-auth0/releases
