Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Vulnerability Description
NextAuth.js (next-auth) is am open source authentication solution for Next.js applications. Prior to versions 3.29.3 and 4.3.3, an open redirect vulnerability is present when the developer is implementing an OAuth 1 provider. Versions 3.29.3 and 4.3.3 contain a patch for this issue. The maintainers recommend adding a certain configuration to one's `callbacks` option as a workaround for those unable to upgrade.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Vulnerability Type
指向未可信站点的URL重定向(开放重定向)
Vulnerability Title
NextAuth.js输入验证错误漏洞
Vulnerability Description
NextAuth.js是一种 Next.js 的身份验证。 NextAuth.js 3.29.3和4.3.3之前版本存在输入验证错误漏洞,该漏洞源于应用在部署OAuth1.0程序时候出发开放重定向漏洞。
CVSS Information
N/A
Vulnerability Type
N/A