5 matches found
@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +494 more potentially affected by CVE-2022-24858 via next-auth (>=4.10.3 <=4.2.1)
next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-24858 Source advisory: OSV:GHSA-F9WG-5F46-CJMW...
CVE-2022-24858
creationtimestamp| type| source ---|---|--- 2022-04-20 02:24:47+00:00| seen| https://t.me/cibsecurity/41154...
CVE-2022-24858
The CVE-2022-24858 entry involves NextAuth.js open redirect vulnerability in the default redirect callback. Affected: next-auth before 3.29.2 and before 4.3.2. Root cause: lack of proper URL validation in the redirect callback, enabling malicious redirects. Impact: open redirects as described in ...
CVE-2022-24858 Default redirect callback vulnerable to open redirects
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...
CVE-2022-24858 Default redirect callback vulnerable to open redirects
next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...