@next-auth/upstash-redis-adapter is vulnerable to authentication bypass. The vulnerability exists because the createVerificationToken
function of index.ts
does not properly check the token during the email verification, allowing an attacker to get information about the verification token’s expired duration
CPE | Name | Operator | Version |
---|---|---|---|
@next-auth/upstash-redis-adapter | le | 3.0.1 | |
@next-auth/upstash-redis-adapter | le | 3.0.1 |