What is CVE-2021-43812?

CVE-2021-43812 is a medium-severity vulnerability in Auth0 Nextjs-auth0, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.4/10. Published 2021-12-16.

How severe is CVE-2021-43812?

Medium severity. CVSS v3 base score is 6.4 out of 10.

Open Redirect in Auth0 Nextjs-auth0

CVE-2021-43812

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect…

Vulnerability class: Open Redirect

EPSS: 0.002 (41.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Affected products

Auth0 Nextjs-auth0 — versions < 1.6.2

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

References

github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp (x_refsource_CONFIRM)
github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6 (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-43812?: CVE-2021-43812 is a medium-severity vulnerability in Auth0 Nextjs-auth0, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.4/10. Published 2021-12-16.
How severe is CVE-2021-43812?: Medium severity. CVSS v3 base score is 6.4 out of 10.