back

AI slop security engineering: Okta’s nextjs-0auth troubles

Published
Nov 22, 2025
Share On
Get SIGNAL/NOISE in your inbox daily

In October, I reported two security issues to Okta’s auth0/nextjs-auth0 project, here and here. The latter bug, an oauth parameter injection, allows for a range of types of abuse, like scoping tokens for unintended services, setting redirect_uri and scope to arbitrary values to leak tokens, and so on.

Recent Stories

Jan 14, 2026

Nvidia Gets U.S. Approval to Ship AI Chips to China. Now It Waits on Beijing.

Nvidia stock was reacting to news the Trump administration had finalized the requirements for the chip maker to sell its H200 chips in China.

 Jan 14, 2026

#robotics #automation #warehousing #intralogistics #supplychain #futureofwork #industry40 | Fintech Association Of Kenya

 Jan 14, 2026

What’s New For Accounts Payable Invoice Automation In 2026?

Four trends to watch out for in the AP Invoice Automation Landscape.

No hype. No doom. Just actionable resources and strategies to accelerate your success in the age of AI.

Subscribe to SIGNAL/NOISE

© 2026 OUTSIDER LABS, INC. ALL RIGHTS RESERVED.

POWERED BY PARSE PRIVACY TERMS