Lucene search
Veracode Vulnerability DatabaseVERACODE:35186HistoryApr 21, 2022 - 3:03 a.m.
Open Redirect
2022-04-2103:03:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
21
0.001 Low
EPSS
Percentile
42.4%
next-auth is vulnerable to open redirect. The vulnerability exists in redirect function in default-callbacks.ts due to the lack of url validation which allows an attacker to parse malicious urls to redirect the user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| next-auth | le | 3.2.0-canary.17 | |
| next-auth | le | 3.2.0-canary.8 | |
| next-auth | le | 3.29.1 | |
| next-auth | le | 4.3.1 | |
| next-auth | le | 3.2.0-canary.17 | |
| next-auth | le | 3.2.0-canary.8 | |
| next-auth | le | 3.29.1 | |
| next-auth | le | 4.3.1 |
Related
github
github
NextAuth.js default redirect callback vulnerable to open redirects
2022-04-22 20:49:09
cvelist
cvelist
CVE-2022-24858 Default redirect callback vulnerable to open redirects
2022-04-19 22:25:10
osv
osv
CVE-2022-24858
2022-04-19 23:15:13
NextAuth.js default redirect callback vulnerable to open redirects
2022-04-22 20:49:09
nvd
nvd
CVE-2022-24858
2022-04-19 23:15:13
cve
cve
CVE-2022-24858
2022-04-19 23:15:13
prion
prion
Design/Logic Flaw
2022-04-19 23:15:00