Lucene search
K

79 matches found

Cvelist
Cvelist
added 2022/06/27 9:30 p.m.48 views

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS7.8AI score0.01571EPSS
Exploits0References4
OSV
OSV
added 2022/06/27 9:30 p.m.17 views

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS7.5AI score0.01571EPSS
Exploits0References6
CVE
CVE
added 2022/06/27 9:30 p.m.651 views

CVE-2022-31093

NextAuth.js (for Next.js) contains a vulnerability where an invalid callbackUrl query parameter can be passed, causing the URL constructor to throw an unhandled error and leading to API route timeouts and login failures. This issue has concrete fixes: upgrading to versions 3.29.5 or 4.5.0 resolve...

7.5CVSS7.5AI score0.01571EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2022/05/21 12:15 a.m.18 views

CVE-2022-29214

NextAuth.js next-auth is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...

6.1CVSS0.00612EPSS
Exploits0References2
Prion
Prion
added 2022/05/21 12:15 a.m.25 views

Open redirect

NextAuth.js next-auth is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...

5.8CVSS6.2AI score0.00612EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/05/21 12:0 a.m.5 views

NextAuth.js输入验证错误漏洞

NextAuth.js is a Next.js authentication. An input validation error vulnerability exists in versions of NextAuth.js prior to 3.29.3 and 4.3.3, which stems from an application departing open redirect vulnerability when deploying the OAuth 1.0 program...

6.1CVSS6.1AI score0.00612EPSS
Exploits0References3
CVE
CVE
added 2022/05/20 11:45 p.m.551 views

CVE-2022-29214

CVE-2022-29214 affects NextAuth.js (next-auth). The vulnerability is an open redirect when implementing an OAuth 1 provider, present in versions prior to 3.29.3 (v3) and 4.3.3 (v4). A patch exists in those respective versions (3.29.3 and 4.3.3). If upgrading is not possible, a workaround is docum...

6.1CVSS6.2AI score0.00612EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/05/20 11:45 p.m.7 views

CVE-2022-29214 URL Redirection to Untrusted Site ('Open Redirect') in next-auth

NextAuth.js next-auth is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...

6.1CVSS6.3AI score0.00612EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/05/20 11:45 p.m.15 views

CVE-2022-29214 URL Redirection to Untrusted Site ('Open Redirect') in next-auth

NextAuth.js next-auth is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...

6.1CVSS6.5AI score0.00612EPSS
Exploits0References2
OSV
OSV
added 2022/05/20 11:45 p.m.25 views

CVE-2022-29214 URL Redirection to Untrusted Site ('Open Redirect') in next-auth

NextAuth.js next-auth is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers...

6.1CVSS6.2AI score0.00612EPSS
Exploits0References4
OSV
OSV
added 2022/04/22 8:49 p.m.38 views

GHSA-F9WG-5F46-CJMW NextAuth.js default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. We recommend upgrading to v4 in most cases. See our migration guide.next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a...

6.1CVSS6.1AI score0.0076EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/04/22 8:49 p.m.397 views

NextAuth.js default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. We recommend upgrading to v4 in most cases. See our migration guide.next-auth v4 users before version 4.3.2 are impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a...

6.1CVSS3.3AI score0.0076EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2021/02/11 10:15 p.m.10 views

CVE-2021-21310

NextAuth.js next-auth is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the...

6.1CVSS0.01667EPSS
Exploits1References3
OSV
OSV
added 2021/02/11 10:15 p.m.7 views

CVE-2021-21310

NextAuth.js next-auth is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the...

5.9CVSS5.7AI score
Exploits0References3
Prion
Prion
added 2021/02/11 10:15 p.m.18 views

Default configuration

NextAuth.js next-auth is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the...

4.3CVSS5.6AI score0.01667EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2021/02/11 10:15 p.m.3 views

CVE-2021-21310

NextAuth.js next-auth is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the...

6.1CVSS5.3AI score0.01667EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2021/02/11 9:40 p.m.63 views

CVE-2021-21310

NextAuth.js (next-auth) token verification vulnerability affects the Prisma database adapter when used with the Email provider (before 3.3.0). The defect: verification tokens were checked but not the associated email identifier, enabling sign-in as another user with a valid token. The issue is sp...

6.1CVSS5.6AI score0.01667EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2021/02/11 9:40 p.m.17 views

CVE-2021-21310 Token verification bug in next-auth

NextAuth.js next-auth is am open source authentication solution for Next.js applications. In next-auth before version 3.3.0 there is a token verification vulnerability. Implementations using the Prisma database adapter in conjunction with the Email provider are impacted. Implementations using the...

6.1CVSS6.3AI score0.01667EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2021/02/11 9:36 p.m.52 views

Token verification bug in next-auth

Impact Implementations using the Prisma database adapter with the Email provider are impacted. Implementations using the Prisma database adapter that are not using the Email provider are not impacted. Implementations using the default database adapter TypeORM with the Email provider are not...

6.1CVSS0.9AI score0.01667EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder