# CVE-2021-43812: Security Update for Next.js Auth0 Library

**Published**: December 16, 2021

**CVE number**: CVE-2021-43812

### Overview

Versions `<=1.6.1` do not filter out certain `returnTo` parameter values from the login URL, which exposes the application to an open redirect vulnerability.

### Am I affected?

You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `<=1.6.1`.
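A copy of the library can also be installed transitively, where `package.json` alone will not show it. The following added example (not part of the advisory or of the library's code) scans a parsed `package-lock.json` for every installed copy and classifies it against the version range above; the helper names and the sample lockfile are constructed for illustration.

```javascript
// Added example; helper names and the sample lockfile are constructed.
const PKG = '@auth0/nextjs-auth0';
const LAST_AFFECTED = [1, 6, 1]; // advisory: versions <=1.6.1 are affected
const FIRST_FIXED = '1.6.2';     // advisory: upgrade to >=1.6.2

// true = affected, false = fixed, null = cannot decide (git URL, tarball,
// link, or a prerelease of 1.6.2 that the advisory does not classify).
function isAffected(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+.*)?$/.exec(String(version).trim());
  if (!m) return null;
  const nums = [+m[1], +m[2], +m[3]];
  if (m[4] && nums.join('.') === FIRST_FIXED) return null;
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== LAST_AFFECTED[i]) return nums[i] < LAST_AFFECTED[i];
  }
  return true; // 1.6.1 itself or a 1.6.1 prerelease
}

// Every installed copy in a parsed package-lock.json. lockfileVersion 2/3
// lists copies under "packages" by path; version 1 nests "dependencies".
function findCopies(lock) {
  const found = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path.endsWith('node_modules/' + PKG)) found.push({ path, version: entry.version });
  }
  if (found.length) return found;
  const walk = (deps, trail) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (name === PKG) found.push({ path: trail + name, version: entry.version });
      walk(entry.dependencies, trail + name + '/node_modules/');
    }
  };
  walk(lock.dependencies, 'node_modules/');
  return found;
}

function audit(lock) {
  return findCopies(lock).map((c) => {
    const a = isAffected(c.version);
    return { ...c, status: a === null ? 'review' : a ? 'affected' : 'fixed' };
  });
}

// Constructed lockfile; "legacy-widget" is a hypothetical package name.
const SAMPLE_LOCK = { lockfileVersion: 2, packages: {
  'node_modules/@auth0/nextjs-auth0': { version: '1.6.2' },
  'node_modules/legacy-widget/node_modules/@auth0/nextjs-auth0': { version: '1.5.0' },
} };
console.log(audit(SAMPLE_LOCK));
```

To scan a real project, pass the result of `JSON.parse` on the contents of `package-lock.json` to `audit`. Any row with status `affected` needs the upgrade, and any row with status `review` needs a manual look.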

### How to fix that?

Upgrade to version `>=1.6.2`.

### Will this update impact my users?

The fix provided in the patch will not affect your users.
