exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 2

CVE-2022-24858

почти 4 года назад

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.

CVSS3: 6.1

EPSS: Низкий

GHSA-f9wg-5f46-cjmw

почти 4 года назад

NextAuth.js default redirect callback vulnerable to open redirects

CVSS3: 6.1

EPSS: Низкий

Уязвимостей на страницу

	Уязвимость	CVSS	EPSS	Опубликовано
	CVE-2022-24858 next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.	CVSS3: 6.1	0% Низкий	почти 4 года назад
	GHSA-f9wg-5f46-cjmw NextAuth.js default redirect callback vulnerable to open redirects	CVSS3: 6.1	0% Низкий	почти 4 года назад

Уязвимостей на страницу