Vulnerabilidades en nextauthjs
10 resultadosCVE-2021-21310MEDIUMToken verification bug in next-authEPSS 1.7%CVE-2022-31093HIGHImproper Handling of `callbackUrl` parameter in next-authEPSS 1.6%CVE-2022-35924CRITICALVerification requests (magic link) sent to unwanted emailsEPSS 1.1%CVE-2022-31127HIGHImproper handling of email input in next-authEPSS 0.9%CVE-2022-24858MEDIUMDefault redirect callback vulnerable to open redirectsEPSS 0.7%CVE-2023-48309MEDIUMnext-auth vulnerable to possible user mocking that bypasses basic authenticationEPSS 0.7%CVE-2022-29214MEDIUMURL Redirection to Untrusted Site ('Open Redirect') in next-authEPSS 0.6%CVE-2022-39263MEDIUMNextAuth.js Upstash Adapter missing token verificationEPSS 0.6%CVE-2023-27490HIGHMissing proper state, nonce and PKCE checks for OAuth authentication in next-authEPSS 0.5%CVE-2022-31186LOWLeakage of excessive information into log in next-authEPSS 0.2%