7 matches found
CVE-2022-31093
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2022-31093
NextAuth.js (for Next.js) contains a vulnerability where an invalid callbackUrl query parameter can be passed, causing the URL constructor to throw an unhandled error and leading to API route timeouts and login failures. This issue has concrete fixes: upgrading to versions 3.29.5 or 4.5.0 resolve...
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...
@5minds/processcube_docflow (>=1.3.2-develop-01bdfb-m4jp5iuo <=2.1.0-test-fb53a9-mispuplg), @adamjoelfraser/auth-drizzle (=1.0.0) +496 more potentially affected by CVE-2022-31093 via next-auth (>=4.10.3 <=4.3.4)
next-auth NPM version =4.10.3, =1.3.2-develop-01bdfb-m4jp5iuo, =0.1.20, =3.0.5, =3.0.3, =1.1.18, =1.1.63, =1.1.7, =1.0.77, =1.0.1, =0.1.0, =1.1.77 - @authjs-web3-providers/core =0.5.0 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...
@app-box/web (=1.0.0), @comet/cms-site (>=3.0.0-canary.160.0 <=4.0.0-canary.1049.0) +33 more potentially affected by CVE-2022-31093 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.29.10)
next-auth NPM version =0.0.0-manual.83c4ebd1, =3.0.0-canary.160.0, =2.0.1-canary.24.0, =1.0.99-0.next12, =0.1.0, =0.46.0, =0.30.0, =0.3.0, =0.10.0, =0.2.0, =0.3.0, =0.3.0, =0.4.0, =0.1.0, =0.1.3 and more Source cves: CVE-2022-31093 Source advisory: OSV:GHSA-G5FM-JP9V-2432...