ghsa-954c-jjx6-cxv7
Vulnerability from github
Published
2021-06-28 16:46
Modified
2021-06-28 19:06
Severity ?
8.0 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Summary
Reflected XSS from the callback handler's error query parameter
Details

Overview

Versions before and including 1.4.1 are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the error query parameter which is then processed by the callback handler as an error message.

Am I affected?

You are affected by this vulnerability if you are using @auth0/nextjs-auth0 version 1.4.1 or lower unless you are using custom error handling that does not return the error message in an HTML response.

How to fix that?

Upgrade to version 1.4.2.

Will this update impact my users?

The fix adds basic HTML escaping to the error message and it should not impact your users.

Credit

https://github.com/inian https://github.com/git-ishanpatel

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@auth0/nextjs-auth0"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-32702"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-06-25T15:38:26Z",
    "nvd_published_at": "2021-06-25T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Overview\n\nVersions before and including `1.4.1` are vulnerable to reflected XSS.  An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter which is then processed by the callback handler as an error message.\n\n### Am I affected?\nYou are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response.\n\n### How to fix that?\nUpgrade to version `1.4.2`.\n\n### Will this update impact my users?\nThe fix adds basic HTML escaping to the error message and it should not impact your users.\n\n### Credit\n\nhttps://github.com/inian\nhttps://github.com/git-ishanpatel",
  "id": "GHSA-954c-jjx6-cxv7",
  "modified": "2021-06-28T19:06:42Z",
  "published": "2021-06-28T16:46:41Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-954c-jjx6-cxv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-32702"
    },
    {
      "type": "WEB",
      "url": "https://github.com/auth0/nextjs-auth0/commit/6996e2528ceed98627caa28abafbc09e90163ccf"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/package/@auth0/nextjs-auth0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Reflected XSS from the callback handler\u0027s error query parameter"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.