next-auth is vulnerable to open redirect. The vulnerability exists in the redirect function in default-callbacks.ts: because the URL is not validated, an attacker can pass malicious URLs that redirect the user.

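The sketch below is an added example, not code from next-auth or from this advisory. It shows origin-based validation that a redirect callback could apply, next to a string-prefix test included only for contrast. The function names and all hostnames are hypothetical, constructed for illustration.

```javascript
// Added example: validating a post-login redirect target by parsed origin.
// prefixCheckRedirect and safeRedirect are hypothetical names.

// Weak form, for contrast: a string-prefix test on the raw URL.
function prefixCheckRedirect(url, baseUrl) {
  return url.startsWith(baseUrl) ? url : baseUrl;
}

// Hardened form: resolve the input against baseUrl, then compare origins.
function safeRedirect(url, baseUrl) {
  let base;
  let target;
  try {
    base = new URL(baseUrl);
    target = new URL(url, base); // also resolves relative paths
  } catch {
    return baseUrl; // unparseable input falls back to the site root
  }
  // Only web schemes are acceptable redirect targets.
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return baseUrl;
  }
  return target.origin === base.origin ? target.href : baseUrl;
}

// Constructed sample inputs (example.com / .example are reserved names).
const BASE = "https://app.example.com";
const SAMPLES = [
  "/dashboard",                                   // relative path
  "https://app.example.com/settings?tab=1",       // same origin
  "https://app.example.com.attacker.example/login", // look-alike host
  "https://app.example.com@attacker.example/",    // baseUrl as userinfo
  "//attacker.example/x",                         // protocol-relative
  "javascript:alert(1)",                          // non-web scheme
];

// Returns one row per sample so both checks can be compared side by side.
function compareChecks() {
  return SAMPLES.map((url) => ({
    url,
    prefix: prefixCheckRedirect(url, BASE),
    safe: safeRedirect(url, BASE),
  }));
}

console.table(compareChecks());
```

The prefix test accepts the look-alike host and the userinfo form because both strings begin with the base URL, while the origin comparison sends every off-site target back to the base URL.
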
CPE Name | Operator | Version
---|---|---
next-auth | le | 3.2.0-canary.17
next-auth | le | 3.2.0-canary.8
next-auth | le | 3.29.1
next-auth | le | 4.3.1