2 matches found
CVE-2024-56734
CVE-2024-56734 affects Better Auth (TypeScript) prior to version 1.1.6, where the verify-email endpoint accepts a callbackURL parameter and uses JWT without proper domain validation. This open-redirect flaw can allow an attacker to redirect users to arbitrary, attacker-controlled sites. Root caus...
CVE-2025-27143
CVE-2025-27143 – Better Auth open redirect . The flaw affects Better Auth (TypeScript) prior to v1.1.21, where the email verification endpoint (and any endpoint accepting a callback URL) fails to validate scheme-less URLs, allowing the browser to treat them as fully qualified URLs. This enables a...