Closed renovate[bot] closed 1 year ago
This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployments, click below or on the icon next to each commit.
🔍 Inspect: https://vercel.com/yurikrupnik/alfred/En89xxqq77yUb7k3kSnfVFd5HFZL
✅ Preview: https://alfred-git-renovate-npm-auth0nextjs-auth0-vu-32a09e-yurikrupnik.vercel.app
🔍 Inspect: https://vercel.com/yurikrupnik/batman/CELoZh5qEnea9CEBVJB8kDvpizHW
✅ Preview: https://batman-git-renovate-npm-auth0nextjs-auth0-vu-413bfc-yurikrupnik.vercel.app
This vulnerability refers to the ability of an attacker to arbitrarily perform a redirection (external) or forward (internal) against the system. It arises due to insufficient validation or sanitisation of inputs used to perform a redirect or forward and may result in privilege escalation (in the case of a forward) or may be used to launch phishing attacks against users (in the case of redirects).
This PR contains the following updates:
1.5.0 -> 1.6.2
GitHub Vulnerability Alerts
CVE-2021-43812
Overview
Versions <=1.6.1 do not filter out certain returnTo parameter values from the login URL, which exposes the application to an open redirect vulnerability.
Am I affected?
You are affected by this vulnerability if you are using @auth0/nextjs-auth0 version <=1.6.1.
How to fix that?
Upgrade to version >=1.6.2
Will this update impact my users?
The fix provided in the patch will not affect your users.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
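
The advisory above concerns unfiltered returnTo values on the login URL. The following is an added example, not code from this PR or from @auth0/nextjs-auth0 and not the library's actual fix, showing one way an application can validate a post-login redirect target. `safeReturnTo`, `APP_BASE_URL` and the sample inputs are assumptions constructed for illustration:

```javascript
// Hypothetical helper: accept a returnTo value only if it resolves to a
// path on the application's own origin; otherwise use a fixed fallback.
const APP_BASE_URL = 'https://app.example.test'; // assumed app origin

function safeReturnTo(returnTo, baseUrl = APP_BASE_URL, fallback = '/') {
  // Query parsers can yield arrays or undefined; accept non-empty strings only.
  if (typeof returnTo !== 'string' || returnTo.length === 0) return fallback;

  let base, target;
  try {
    base = new URL(baseUrl);
    // Resolve the way a browser would: this normalises "//host", "/\host",
    // embedded tabs/newlines and absolute URLs into one canonical form.
    target = new URL(returnTo, base);
  } catch {
    return fallback; // unparsable input
  }

  // Scheme, host and port must all match the application.
  if (target.origin !== base.origin) return fallback;

  // Emit a relative reference only. "/.//host" normalises to the path
  // "//host", which a browser would read as protocol-relative, so reject it.
  const relative = target.pathname + target.search + target.hash;
  if (relative.startsWith('//')) return fallback;
  return relative;
}

// Constructed sample inputs (not taken from the advisory).
const samples = [
  '/dashboard?tab=1#top',
  'https://app.example.test/profile',
  'https://evil.example/login',
  '//evil.example/login',
  '/\\evil.example/login',
  '/.//evil.example',
  'javascript:alert(1)',
];

function classifySamples() {
  return samples.map((s) => ({ input: s, redirectTo: safeReturnTo(s) }));
}

console.table(classifySamples());
```

Comparing the parsed origin, rather than matching on string prefixes such as a leading `/`, is what makes the backslash and protocol-relative forms fall through to the fallback.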