Lucene search
+L

44 matches found

Vulnrichment
Vulnrichment
added 2022/04/19 10:25 p.m.7 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

6.1CVSS6.3AI score0.0076EPSS
Exploits0References3
OSV
OSV
added 2022/04/19 10:25 p.m.32 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

6.1CVSS6.2AI score0.0076EPSS
Exploits0References5
Node.js
Node.js
added 2021/02/24 3:18 a.m.65 views

Token Verification Bug

Overview Impact next-auth implementations using the Prisma database adapter with the Email provider are impacted. Implementations using the Prisma database adapter that are not using the Email provider are not impacted. Implementations using the default database adapter TypeORM with the Email...

4.3CVSS5.7AI score0.01667EPSS
Exploits1Affected Software1
CVE
CVE
added 2021/02/11 9:40 p.m.64 views

CVE-2021-21310

NextAuth.js (next-auth) token verification vulnerability affects the Prisma database adapter when used with the Email provider (before 3.3.0). The defect: verification tokens were checked but not the associated email identifier, enabling sign-in as another user with a valid token. The issue is sp...

6.1CVSS5.6AI score0.01667EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder