CVE-2022-31127

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31127

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31127.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31127

Aliases

GHSA-pgjx-7f9g-9463

Related

GHSA-pgjx-7f9g-9463

Published

2022-07-06T18:15:19Z

Modified

2025-07-29T10:32:09.786494Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail signin endpoint that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: balazs@email.com, <a href="http://attacker.com">Before signing in, claim your money!</a>. This was previously sent to balazs@email.com, and the content of the email containing a link to the attacker's site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the email parameter that is passed to sendVerificationRequest and rendered in the HTML. If you haven't created a custom sendVerificationRequest, you only need to upgrade. Otherwise, make sure to either exclude email from the HTML body or efficiently sanitize it.

References

Affected packages

Git / github.com/nextauthjs/next-auth

Affected ranges

Type: GIT
Repo: https://github.com/nextauthjs/next-auth
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2adfadefdc14aad9fbd19d9534e9261f9bff8ede

Fixed

ae834f1e08a4a9915665eecb9479c74c6b039c9c

Affected versions

@next-auth/mikro-orm-adapter@v2.*

@next-auth/mikro-orm-adapter@v2.0.0

@next-auth/mongodb-adapter@v1.*

@next-auth/mongodb-adapter@v1.0.2

@next-auth/prisma-adapter@v1.*

@next-auth/prisma-adapter@v1.0.2

@next-auth/typeorm-legacy-adapter@v1.*

@next-auth/typeorm-legacy-adapter@v1.0.2

next-auth@v4.*

next-auth@v4.3.0

next-auth@v4.3.1

next-auth@v4.3.3

next-auth@v4.3.4

next-auth@v4.5.0

next-auth@v4.6.1

next-auth@v4.8.0

v1.*

v1.13.0

v2.*

v2.0

v2.0.1

v2.1.0

v2.2.0

v3.*

v3.0.0

v3.0.1

v3.1.0

v3.10.0

v3.10.1

v3.11.0

v3.11.1

v3.11.2

v3.12.0

v3.13.0

v3.13.1

v3.13.2

v3.13.3

v3.14.0

v3.14.1

v3.14.2

v3.14.3

v3.14.4

v3.14.5

v3.14.6

v3.14.7

v3.14.8

v3.15.0

v3.15.1

v3.15.10

v3.15.11

v3.15.12

v3.15.13

v3.15.2

v3.15.3

v3.15.4

v3.15.5

v3.15.6

v3.15.7

v3.15.8

v3.15.9

v3.16.0

v3.16.1

v3.17.0

v3.17.1

v3.17.2

v3.18.0

v3.18.1

v3.18.2

v3.19.0

v3.19.1

v3.19.2

v3.19.3

v3.19.4

v3.19.5

v3.19.6

v3.19.7

v3.19.8

v3.2.0

v3.2.1

v3.20.0

v3.20.1

v3.21.0

v3.21.1

v3.22.0

v3.23.0

v3.23.1

v3.23.2

v3.23.3

v3.24.0

v3.24.1

v3.25.0

v3.26.0

v3.26.1

v3.27.0

v3.27.1

v3.27.2

v3.27.3

v3.28.0

v3.29.0

v3.3.0

v3.3.1

v3.4.0

v3.4.1

v3.4.2

v3.5.0

v3.5.1

v3.6.0

v3.6.1

v3.7.0

v3.7.1

v3.8.0

v3.9.0

v4.*

v4.0.0-beta.1

v4.0.0-beta.2

v4.0.0-beta.3

v4.0.0-beta.4

v4.0.0-beta.5

v4.0.0-beta.6

v4.0.0-beta.7

v4.0.0-next.1

v4.0.0-next.10

v4.0.0-next.11

v4.0.0-next.12

v4.0.0-next.13

v4.0.0-next.14

v4.0.0-next.15

v4.0.0-next.16

v4.0.0-next.17

v4.0.0-next.18

v4.0.0-next.19

v4.0.0-next.2

v4.0.0-next.20

v4.0.0-next.21

v4.0.0-next.22

v4.0.0-next.23

v4.0.0-next.24

v4.0.0-next.25

v4.0.0-next.26

v4.0.0-next.3

v4.0.0-next.4

v4.0.0-next.5

v4.0.0-next.6

v4.0.0-next.7

v4.0.0-next.8

v4.0.0-next.9

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.1.0

v4.1.1

v4.1.2

v4.2.0

v4.2.1