Overview
Versions<=1.6.1 do not filter out certain returnTo parameter values from the login url, which expose the application to an open redirect vulnerability.
Am I affected?
You are affected by this vulnerability if you are using@auth0/nextjs-auth0 version <=1.6.1.
How to fix that?
Upgrade to version>=1.6.2