Lucene search
+L

7 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 8:42 a.m.22 views

CVE-2022-31093

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS6.9AI score0.01609EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/06/27 9:30 p.m.51 views

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS7.8AI score0.01609EPSS
Exploits0References4
CVE
CVE
added 2022/06/27 9:30 p.m.661 views

CVE-2022-31093

NextAuth.js (for Next.js) contains a vulnerability where an invalid callbackUrl query parameter can be passed, causing the URL constructor to throw an unhandled error and leading to API route timeouts and login failures. This issue has concrete fixes: upgrading to versions 3.29.5 or 4.5.0 resolve...

7.5CVSS7.5AI score0.01609EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2022/06/27 9:30 p.m.5 views

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS7.6AI score0.01609EPSS
Exploits0References4
OSV
OSV
added 2022/06/27 9:30 p.m.17 views

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

7.5CVSS7.5AI score0.01609EPSS
Exploits0References6
vulnersOsv
vulnersOsv
added 2022/06/21 8:6 p.m.5 views

@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +496 more potentially affected by CVE-2022-31093 via next-auth (>=4.10.3 <=4.3.4)

next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...

7.5CVSS7AI score0.01609EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2022/06/21 8:6 p.m.6 views

@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31093 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)

next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...

7.5CVSS7.1AI score0.01609EPSS
Exploits0
Rows per page
Query Builder