CVE-2022-24858

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already have a `redirect` callback, make sure that you match the incoming `url` origin against the `baseUrl`.
Configurations

Configuration 1

cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*
cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*

Information

Published : 2022-04-19 11:15

Updated : 2022-04-29 11:53


NVD link : CVE-2022-24858

Mitre link : CVE-2022-24858

Products Affected
No products.
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')