How severe is CVE-2022-31093?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-31093?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2022-31093 - HIGH Severity | CVSS 7.5

Vulnerability Description

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid `callbackUrl` query parameter, which internally is converted to a `URL` object. The URL instantiation would fail due to a malformed URL being passed into the constructor, causing it to throw an unhandled error which led to the **API route handler timing out and logging in to fail**. This has been remedied in versions 3.29.5 and 4.5.0. If for some reason you cannot upgrade, the workaround requires you to rely on Advanced Initialization. Please see the documentation for more.

Related Vulnerabilities

CVE-2016-8209

HIGH

CVSS:7.5(High)

Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allo...

CWE-7542016

CVE-2017-10894

HIGH

CVSS:7.5(High)

StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

CWE-7542017

CVE-2017-10895

HIGH

CVSS:7.5(High)

sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause a denial of service via unspecified vectors.

CWE-7542017

CVE-2017-11144

HIGH

CVSS:7.5(High)

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the openssl extension PEM sealing code did not check the return value of the OpenSSL sealing function, which could lead to a crash of t...

CWE-7542017

CVE-2017-12119

HIGH

CVSS:7.5(High)

An exploitable unhandled exception vulnerability exists in multiple APIs of CPP-Ethereum JSON-RPC. Specially crafted JSON requests can cause an unhandled exception resulting in denial of service. An a...

CWE-7542017

CVE-2017-17083

HIGH

CVSS:7.5(High)

In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector could crash. This was addressed in epan/dissectors/packet-netbios.c by ensuring that write operations are bounded by the beginnin...

CWE-7542017