GHSA-36RG-GFQ2-3H56 Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes
Summary An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. Details In the matchesPattern function, url.startsWith can be deceived with ...