12 matches found
CVE-2022-35924
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...
EUVD-2022-6649
Malicious code in bioql PyPI...
GHSA-4RXR-27MM-MXQ9 Upstash Adapter missing token verification
Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...
CVE-2022-35924
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...
Authorization
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...
GHSA-XV97-C62V-4587 NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Impact next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.: [email protected],[email protected] to the sign-in endpoint, NextAuth.js would send emails to...
CVE-2022-35924 Verification requests (magic link) sent to unwanted emails
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...
CVE-2022-35924 Verification requests (magic link) sent to unwanted emails
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...
CVE-2022-35924 Verification requests (magic link) sent to unwanted emails
NextAuth.js is a complete open source authentication solution for Next.js applications. next-auth users who are using the EmailProvider either in versions before 4.10.3 or 3.29.10 are affected. If an attacker could forge a request that sent a comma-separated list of emails eg.:...
cloud.genesys:web-messaging-sdk (>=3.0.0 <=5.0.0), com.adobe.cq.commerce:cq-commerce-core (>=5.6.0 <=5.13.18) +119 more potentially affected by CVE-2013-5679 via org.owasp.esapi:esapi (=2.0.1)
org.owasp.esapi:esapi MAVEN version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.owasp.esapi:esapi and may be impacted: - cloud.genesys:web-messaging-sdk =3.0.0, =5.6.0, =2.0.54, =5.6.2, =1.0.36, =1.0.24, =5.5.4, =1.0.0, =5.6.4, =1.0.8,...
com.activecq.tools.quickimage:core (=1.0.0), com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.5.0 <=6.4.4) +19 more potentially affected by CVE-2015-2944 via org.apache.sling:org.apache.sling.servlets.post (>=2.0.4-incubator <=2.1.0)
org.apache.sling:org.apache.sling.servlets.post MAVEN version =2.0.4-incubator, =5.5.0, =5.5.0, =5.3.0, =5.3.0, =5.4.0, =1.0.8, =1.0.12, =1.0.6, =5.5.0, =5.6.2, =5.4.0, =5.6.8 and more Source cves: CVE-2015-2944 Source advisory: OSV:GHSA-RXVX-44W5-44R7...