Exposição de NextAuth.js
Authentication19
score de exposição
16.885
sites usam
0
em exploração
1
críticos
CVEs
10 resultadosCVE-2021-21310MEDIUMToken verification bug in next-authEPSS 1.7%CVE-2022-31093HIGHImproper Handling of `callbackUrl` parameter in next-authEPSS 1.3%CVE-2022-35924CRITICALVerification requests (magic link) sent to unwanted emailsEPSS 1.1%CVE-2022-31127HIGHImproper handling of email input in next-authEPSS 0.9%CVE-2022-24858MEDIUMDefault redirect callback vulnerable to open redirectsEPSS 0.7%CVE-2023-48309MEDIUMnext-auth vulnerable to possible user mocking that bypasses basic authenticationEPSS 0.7%CVE-2022-29214MEDIUMURL Redirection to Untrusted Site ('Open Redirect') in next-authEPSS 0.6%CVE-2022-39263MEDIUMNextAuth.js Upstash Adapter missing token verificationEPSS 0.6%CVE-2023-27490HIGHMissing proper state, nonce and PKCE checks for OAuth authentication in next-authEPSS 0.5%CVE-2022-31186LOWLeakage of excessive information into log in next-authEPSS 0.2%
Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →