Headline
GHSA-wcgj-f865-c7j7: Improper Request Caching Lookup in the Auth0 Next.js SDK
Description
When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results.
Am I Affected?
You are affected if you meet the following preconditions:
- Applications using the auth0/nextjs-auth0 SDK with a singleton client instance, versions 4.11.0, 4.11.1, and 4.12.0.
Affected product and versions
Auth0/nextjs-auth0 v4.11.0, v4.11.1, and v4.12.0.
Resolution
Upgrade Auth0/nextjs-auth0 version to v4.11.2 or v4.12.1
Acknowledgements
Okta would like to thank Joshua Rogers for their discovery and responsible disclosure.
Description
When using affected versions of the Next.js SDK, simultaneous requests on the same client may result in improper lookups in the TokenRequestCache for the request results.
Am I Affected?
You are affected if you meet the following preconditions:
- Applications using the auth0/nextjs-auth0 SDK with a singleton client instance, versions 4.11.0, 4.11.1, and 4.12.0.
Affected product and versions
Auth0/nextjs-auth0 v4.11.0, v4.11.1, and v4.12.0.
Resolution
Upgrade Auth0/nextjs-auth0 version to v4.11.2 or v4.12.1
Acknowledgements
Okta would like to thank Joshua Rogers for their discovery and responsible disclosure.
References
- GHSA-wcgj-f865-c7j7
- auth0/nextjs-auth0@26cc8a7