Add CVE-2021-43812 for GHSA-2mqv-4j3r-vjvp

2025-05-06 18:53:08 +00:00 · 2021-12-16 18:16:55 +00:00 · 2021-12-16 18:16:55 +00:00 · 63e903be11
commit 63e903be11
parent b4b73d0e62
1 changed files with 76 additions and 6 deletions
--- a/2021/43xxx/CVE-2021-43812.json
+++ b/2021/43xxx/CVE-2021-43812.json
@ -1,18 +1,88 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-43812",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Open redirect in nextjs-auth0"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "nextjs-auth0",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 1.6.2"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "auth0"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before 1.6.2 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.4,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "LOW",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "NONE",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/auth0/nextjs-auth0/security/advisories/GHSA-2mqv-4j3r-vjvp"
+            },
+            {
+                "name": "https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6",
+                "refsource": "MISC",
+                "url": "https://github.com/auth0/nextjs-auth0/commit/0bbd9f8a0c93af51f607f28633b5fb18c5e48ad6"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-2mqv-4j3r-vjvp",
+        "discovery": "UNKNOWN"
    }
 }