Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2022/04/22 8:49 p.m.6 views

@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +494 more potentially affected by CVE-2022-24858 via next-auth (>=4.10.3 <=4.2.1)

next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-24858 Source advisory: OSV:GHSA-F9WG-5F46-CJMW...

6.1CVSS6.3AI score0.0076EPSS
Exploits0
Circl
Circl
added 2022/04/20 2:24 a.m.7 views

CVE-2022-24858

creationtimestamp| type| source ---|---|--- 2022-04-20 02:24:47+00:00| seen| https://t.me/cibsecurity/41154...

6.1CVSS6AI score0.0076EPSS
Exploits0References1
CVE
CVE
added 2022/04/19 10:25 p.m.91 views

CVE-2022-24858

The CVE-2022-24858 entry involves NextAuth.js open redirect vulnerability in the default redirect callback. Affected: next-auth before 3.29.2 and before 4.3.2. Root cause: lack of proper URL validation in the redirect callback, enabling malicious redirects. Impact: open redirects as described in ...

6.1CVSS6.2AI score0.0076EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2022/04/19 10:25 p.m.7 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

6.1CVSS6.3AI score0.0076EPSS
Exploits0References3
Cvelist
Cvelist
added 2022/04/19 10:25 p.m.36 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

6.1CVSS6.4AI score0.0076EPSS
Exploits0References3
Rows per page
Query Builder