Количество 2
Количество 2
CVE-2025-48370
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.69.1.
GHSA-8r88-6cj9-9fh5
auth-js Vulnerable to Insecure Path Routing from Malformed User Input
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-48370 auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.69.1, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, resulting in the wrong API function being called. Implementations that follow security best practice and validate user controlled inputs, such as the userId are not affected by this. This issue has been patched in version 2.69.1. | 0% Низкий | 9 месяцев назад | |
| GHSA-8r88-6cj9-9fh5 auth-js Vulnerable to Insecure Path Routing from Malformed User Input | 0% Низкий | 9 месяцев назад |
Уязвимостей на страницу