Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 21/05/2022 Updated: 07/06/2022

CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 516

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nextauth.js next-auth

CWE-601 https://github.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.3.3 https://github.com/nextauthjs/next-auth/security/advisories/GHSA-q2mx-j4x2-2h74 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2022-29214

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect