gsd-2022-31093
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-31093",
"description": "NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.",
"id": "GSD-2022-31093"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-31093"
],
"details": "NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.",
"id": "GSD-2022-31093",
"modified": "2023-12-13T01:19:17.787397Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31093",
"STATE": "PUBLIC",
"TITLE": "Improper Handling of `callbackUrl` parameter in next-auth"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "next-auth",
"version": {
"version_data": [
{
"version_value": "\u003c 3.29.5"
},
{
"version_value": "\u003e= 4.0.0, \u003c 4.5.0"
}
]
}
}
]
},
"vendor_name": "nextauthjs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-754: Improper Check for Unusual or Exceptional Conditions"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432",
"refsource": "CONFIRM",
"url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432"
},
{
"name": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85",
"refsource": "MISC",
"url": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85"
},
{
"name": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6",
"refsource": "MISC",
"url": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6"
},
{
"name": "https://next-auth.js.org/configuration/initialization#advanced-initialization",
"refsource": "MISC",
"url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
}
]
},
"source": {
"advisory": "GHSA-g5fm-jp9v-2432",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003e=3.0.0 \u003c3.29.5||\u003e=4.0.0 \u003c4.5.0",
"affected_versions": "All versions starting from 3.0.0 before 3.29.5, all versions starting from 4.0.0 before 4.5.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-754",
"CWE-937"
],
"date": "2022-07-07",
"description": "NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.",
"fixed_versions": [
"3.29.5",
"4.5.0"
],
"identifier": "CVE-2022-31093",
"identifiers": [
"CVE-2022-31093",
"GHSA-g5fm-jp9v-2432",
"GMS-2022-2609"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.29.5 before 4.0.0, all versions starting from 4.5.0",
"package_slug": "npm/next-auth",
"pubdate": "2022-06-27",
"solution": "Upgrade to versions 3.29.5, 4.5.0 or above.",
"title": "Improper Check for Unusual or Exceptional Conditions",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-31093",
"https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85",
"https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6",
"https://next-auth.js.org/configuration/initialization#advanced-initialization",
"https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432",
"https://github.com/advisories/GHSA-g5fm-jp9v-2432"
],
"uuid": "108d507c-1828-49a5-8e53-0f8d1dc89032"
},
{
"affected_range": "\u003c0",
"affected_versions": "All versions before 3.29.5, all versions starting from 4.0.0 before 4.5.0",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-06-22",
"description": "An attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally we convert to a `URL` object.",
"fixed_versions": [
"3.29.5",
"4.5.0"
],
"identifier": "GMS-2022-2609",
"identifiers": [
"GHSA-g5fm-jp9v-2432",
"GMS-2022-2609",
"CVE-2022-31093"
],
"not_impacted": "All versions starting from 3.29.5 before 4.0.0, all versions starting from 4.5.0",
"package_slug": "npm/next-auth",
"pubdate": "2022-06-21",
"solution": "Upgrade to versions 3.29.5, 4.5.0 or above.",
"title": "Duplicate of ./npm/next-auth/CVE-2022-31093.yml",
"urls": [
"https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432",
"https://github.com/advisories/GHSA-g5fm-jp9v-2432"
],
"uuid": "6cd7fb27-b1a2-4765-ad5c-fed0964803a2"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "4.5.0",
"versionStartIncluding": "4.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*",
"cpe_name": [],
"versionEndExcluding": "3.29.5",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31093"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextauthjs/next-auth/commit/25517b73153332d948114bacdff3b5908de91d85"
},
{
"name": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/nextauthjs/next-auth/commit/e498483b23273d1bfc81be68339607f88d411bd6"
},
{
"name": "https://next-auth.js.org/configuration/initialization#advanced-initialization",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://next-auth.js.org/configuration/initialization#advanced-initialization"
},
{
"name": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432",
"refsource": "CONFIRM",
"tags": [
"Mitigation",
"Third Party Advisory"
],
"url": "https://github.com/nextauthjs/next-auth/security/advisories/GHSA-g5fm-jp9v-2432"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-07-07T19:45Z",
"publishedDate": "2022-06-27T22:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…