7 matches found
CVE-2022-29214
CVE-2022-29214 affects NextAuth.js (next-auth). The vulnerability is an open redirect when implementing an OAuth 1 provider, present in versions prior to 3.29.3 (v3) and 4.3.3 (v4). A patch exists in those respective versions (3.29.3 and 4.3.3). If upgrading is not possible, a workaround is docum...
CVE-2022-35924
CVE-2022-35924 affects NextAuth.js EmailProvider in versions before 4.10.3 and 3.29.10. An attacker could forge a request with a comma-separated email list, causing the system to send emails to both attacker and victim, potentially bypassing authorization (e.g., email.endsWith checks) when loggin...
CVE-2023-48309
Concrete details: The CVE-2023-48309 flaw affects next-auth (Next.js) apps before v4.24.5 that rely on the default Middleware authorization. An attacker can obtain a NextAuth.js JWT from an interrupted OAuth sign-in flow and override the next-auth.session-token cookie with this unrelated JWT to s...
CVE-2021-21310
NextAuth.js (next-auth) token verification vulnerability affects the Prisma database adapter when used with the Email provider (before 3.3.0). The defect: verification tokens were checked but not the associated email identifier, enabling sign-in as another user with a valid token. The issue is sp...
CVE-2022-31127
CVE-2022-31127 affects NextAuth.js (Next.js) and describes an improper handling of email input at the signin email endpoint. An attacker could inject HTML into the email parameter, causing the HTML content to be rendered in an email sent to a user, enabling phishing. Remediation per sources: patc...
CVE-2022-39263
CVE-2022-39263 affects the Upstash Redis adapter for NextAuth.js when used with the Email Provider prior to v3.0.2. The adapter verifified only the identifier (email) and not the combined identifier + token in the email callback flow, enabling an attacker who knows the victim’s email (and token ex...
CVE-2023-27490
NextAuth.js (for Next.js) versions before 4.20.1 are affected. A partial OAuth session failure lets a network observer or social engineer modify the authorization URL to bypass CSRF checks, potentially logging in as the victim. The issue arises from missing/compromised state, PKCE, and nonce hand...