all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2022-35924 (next-auth)

Add to bookmarks
Aug. 2, 2022, 6:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

NextAuth.js is a complete open source authentication solution for Next.js applications. `next-auth` users who are using the `EmailProvider` either in versions before `4.10.3` or `3.29.10` are affected. If an attacker could forge a request that sent a comma-separated list of emails (eg.: `attacker@attacker.com,victim@victim.com`) to the sign-in endpoint, NextAuth.js would send emails to both the attacker and the victim's e-mail addresses. The attacker could then login as a newly created user with the email being `attacker@attacker.com,victim@victim.com`. This means that basic authorization …

auth cve

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Sr. Cloud Security Engineer

@ BLOCKCHAINS | USA - Remote
View on infosec-jobs.com

Network Security (SDWAN: Velocloud) Infrastructure Lead

@ Sopra Steria | Noida, Uttar Pradesh, India
View on infosec-jobs.com

Senior Python Engineer, Cloud Security

@ Darktrace | Cambridge
View on infosec-jobs.com

Senior Security Consultant

@ Nokia | United States
View on infosec-jobs.com

Manager, Threat Operations

@ Ivanti | United States, Remote
View on infosec-jobs.com

Lead Cybersecurity Architect - Threat Modeling | AWS Cloud Security

@ JPMorgan Chase & Co. | Columbus, OH, United States
View on infosec-jobs.com
View more jobs