Auth0 · Auth0 Next.Js Sdk · CVE-2025-48947
**Name of the Vulnerable Software and Affected Versions**
Auth0 Next.js SDK versions 4.0.1 through 4.6.0
**Description**
The issue concerns the caching of `session` cookies set by `auth0.middleware` in CDN environments due to missing Cache-Control headers. Three preconditions must be met for the vulnerability to be exploited: the application must use the NextJS-Auth0 SDK at a version between 4.0.1 and 4.6.0; it must use CDN or edge caching that caches responses carrying a Set-Cookie header; and the Cache-Control header must not be properly set for sensitive responses.
**Recommendations**
For Auth0 Next.js SDK versions 4.0.1 through 4.6.0, upgrade auth0/nextjs-auth0 to v4.6.1, which contains the patch. As a temporary workaround, ensure the Cache-Control header is properly set for sensitive responses to minimize the risk of exploitation.
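The workaround above can be checked and enforced in code. The following is an added example (not part of the advisory or of the Auth0 SDK): it audits a response's headers for the exact condition described, a Set-Cookie header on a response that a shared cache may store, and, if found, stamps `Cache-Control: private, no-store` on it. It uses the Web-standard `Headers`/`Response` objects available in Node 18+, so it runs stand-alone; in a Next.js app the same `hardenSetCookieResponse` function is assumed to wrap the response returned by `auth0.middleware`, since `NextResponse` exposes the same `.headers` interface.

```javascript
// Added example: detect and fix responses that carry Set-Cookie without a
// Cache-Control directive that keeps them out of shared (CDN/edge) caches.

// Only "private" or "no-store" reliably stop a shared cache from storing a
// response. No header at all, "public", "s-maxage", "max-age" or even
// "no-cache" (store, then revalidate) are all treated as unsafe here.
function isSharedCacheable(cacheControl) {
  if (!cacheControl) return true; // absent header: CDN heuristics may cache
  const directives = cacheControl.toLowerCase().split(',').map(s => s.trim());
  const has = d => directives.some(x => x === d || x.startsWith(d + '='));
  return !(has('no-store') || has('private'));
}

// Audit a Headers object; returns one finding per offending response.
function auditSetCookieCaching(headers) {
  const setCookies = typeof headers.getSetCookie === 'function'
    ? headers.getSetCookie()                         // Node >= 19.7 / newer undici
    : (headers.get('set-cookie') ? [headers.get('set-cookie')] : []);
  if (setCookies.length === 0) return [];            // nothing sensitive to leak
  const cacheControl = headers.get('cache-control');
  if (!isSharedCacheable(cacheControl)) return [];
  return [{
    cookies: setCookies.map(c => c.split('=')[0]),  // cookie names only
    cacheControl,
    reason: 'Set-Cookie present but response may be stored by a shared cache',
  }];
}

// Hardening wrapper: anything with a mutable `.headers` (Response, NextResponse).
function hardenSetCookieResponse(response) {
  if (auditSetCookieCaching(response.headers).length > 0) {
    response.headers.set('Cache-Control', 'private, no-store');
  }
  return response;
}

// Constructed sample: a session cookie being set with no Cache-Control at all.
const sample = new Response(null, {
  headers: { 'set-cookie': 'session=opaque-value; Path=/; HttpOnly; Secure' },
});
console.log(auditSetCookieCaching(sample.headers));   // one finding
hardenSetCookieResponse(sample);
console.log(sample.headers.get('cache-control'));     // private, no-store

module.exports = { isSharedCacheable, auditSetCookieCaching, hardenSetCookieResponse };
```

Run the audit against captured responses from every route that can set the session cookie (login callback and any route the middleware refreshes on), not only the ones that obviously return cookies.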