yurikrupnik / mussia8

Mussia8 base project monorepo poc for api gateway
alfred-lake.vercel.app
MIT License

Update dependency @auth0/nextjs-auth0 to 1.6.2 [SECURITY] - autoclosed #261

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package             | Change
@auth0/nextjs-auth0 | 1.5.0 -> 1.6.2

GitHub Vulnerability Alerts

CVE-2021-43812

Overview

Versions <=1.6.1 do not filter out certain returnTo parameter values from the login URL, which expose the application to an open redirect vulnerability.

Am I affected?

You are affected by this vulnerability if you are using @auth0/nextjs-auth0 version <=1.6.1.

How to fix that?

Upgrade to version >=1.6.2

Will this update impact my users?

The fix provided in the patch will not affect your users.


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

vercel[bot] commented 2 years ago

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.

alfred – ./packages/ui/clients/alfred

🔍 Inspect: https://vercel.com/yurikrupnik/alfred/En89xxqq77yUb7k3kSnfVFd5HFZL
✅ Preview: https://alfred-git-renovate-npm-auth0nextjs-auth0-vu-32a09e-yurikrupnik.vercel.app

batman – ./packages/ui/clients/batman

🔍 Inspect: https://vercel.com/yurikrupnik/batman/CELoZh5qEnea9CEBVJB8kDvpizHW
✅ Preview: https://batman-git-renovate-npm-auth0nextjs-auth0-vu-413bfc-yurikrupnik.vercel.app

secure-code-warrior-for-github[bot] commented 2 years ago

Micro-Learning Topic: Open redirect (Detected by phrase)

Matched on "open redirect"

What is this? (2min video)

This vulnerability refers to the ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system. It arises due to insufficient validation or sanitisation of inputs used to perform a redirect or forward and may result in privilege escalation (in the case of a forward) or may be used to launch phishing attacks against users (in the case of redirects).

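As an added example (not code from nextjs-auth0, this repository or either bot), here is the kind of returnTo validation the advisory above and the open-redirect note describe: a function, `safeReturnTo` (a name chosen here), that accepts only same-origin relative paths and falls back to a default for anything that could carry the user off-site after login. The base origin `https://app.invalid` is a placeholder used only for parsing.

```javascript
// Added example, not the library's own code. Validates the post-login
// "returnTo" value so that a login link such as
//   /api/auth/login?returnTo=//evil.example
// cannot redirect the authenticated user to another site.

const DEFAULT_RETURN_TO = '/';

function safeReturnTo(raw) {
  if (typeof raw !== 'string' || raw === '') return DEFAULT_RETURN_TO;

  // Also check the decoded form, so "%2F%2Fevil.example" is seen as "//evil.example".
  // A malformed percent-encoding is treated as untrusted.
  let decoded;
  try {
    decoded = decodeURIComponent(raw);
  } catch (e) {
    return DEFAULT_RETURN_TO;
  }

  for (const v of [raw, decoded]) {
    // Must be a site-relative path: exactly one leading "/". This rejects
    // absolute URLs (https://...), scheme-less "//host", and "/\host", which
    // browsers also parse as protocol-relative.
    if (!v.startsWith('/') || v.startsWith('//') || v.startsWith('/\\')) {
      return DEFAULT_RETURN_TO;
    }
    // Control characters and whitespace are stripped or reinterpreted by some
    // URL parsers; reject rather than attempt to clean them.
    if (/[\u0000-\u001f\u007f\s]/.test(v)) return DEFAULT_RETURN_TO;
  }

  // Final check with the WHATWG URL parser: the resolved origin must be ours.
  const base = 'https://app.invalid'; // placeholder origin for parsing only
  const parsed = new URL(raw, base);
  if (parsed.origin !== base) return DEFAULT_RETURN_TO;

  // Return a normalised path, never the raw input.
  return parsed.pathname + parsed.search + parsed.hash;
}

// Constructed sample inputs for a quick manual check.
const SAMPLES = ['/dashboard', '//evil.example', 'https://evil.example/', '/\\evil.example'];
for (const s of SAMPLES) console.log(JSON.stringify(s), '->', safeReturnTo(s));
```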