3 matches found
PT-2026-56300
Name of the Vulnerable Software and Affected Versions Better Auth versions prior to 1.6.11 Description An issue exists in the OAuth callback auto-link gate within the handleOAuthUserInfo function. The system allows implicit account linking when an OAuth provider asserts email verified: true witho...
GHSA-X732-6J76-QMHM Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits
Summary An issue in the underlying router library rou3 can cause /path and //path to be treated as identical routes. If your environment does not normalize incoming URLs e.g., by collapsing multiple slashes, this can allow bypasses of disabledPaths and path-based rate limits. Details Better Auth...
Better Auth's rou3 Dependency has Double-Slash Path Normalization which can Bypass disabledPaths Config and Rate Limits
Summary An issue in the underlying router library rou3 can cause /path and //path to be treated as identical routes. If your environment does not normalize incoming URLs e.g., by collapsing multiple slashes, this can allow bypasses of disabledPaths and path-based rate limits. Details Better Auth...