better-auth better_auth の CVE(2 件)

CVE 件数: 2 CPE versions: View versions table

概要

本ページは better-auth better_auth に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。

表示中 12 / 2 CVE 件数
«« 先頭 « 前へ 1 / 1 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2025-27143 Better Auth is an authentication and authorization library for TypeScript. Prior to version 1.1.21, the application is vulnerable to an open redirect due to improper validation of the callbackURL parameter in the email verification endpoint and any other endpoint that accepts callback url. While the server blocks fully qualified URLs, it incorrectly allows scheme-less URLs. This results in the browser interpreting the URL as a fully qualified URL, leading to unintended redirection. An attacker c [email protected] 6.9 0.32% 2025-02-24 2026-06-17
CVE-2024-56734 Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. The verify email callback endpoint accepts a `callbackURL` parameter. Unlike other verification methods, email verification only uses JWT to verify and redi [email protected] 7.9 0.38% 2024-12-30 2026-06-17
«« 先頭 « 前へ 1 / 1 次へ »
cvelogic Threat Intelligence