{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T00:33:03.970","vulnerabilities":[{"cve":{"id":"CVE-2022-31127","sourceIdentifier":"security-advisories@github.com","published":"2022-07-06T18:15:19.497","lastModified":"2024-11-21T07:03:57.163","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: `balazs@email.com, <a href=\"http://attacker.com\">Before signing in, claim your money!</a>`. This was previously sent to `balazs@email.com`, and the content of the email containing a link to the attacker's site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven't created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it."},{"lang":"es","value":"NextAuth.js es una completa solución de autenticación de código abierto para aplicaciones Next.js. Un atacante puede pasar una entrada comprometida al correo electrónico [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) que contiene algún HTML malicioso, engañando al servidor de correo electrónico para que lo envíe al usuario, y así poder llevar a cabo un ataque de phishing. Eg.: \"balazs@email.com, (a href=\"http://attacker.com\")Before signing in, claim your money!(/a)\". Anteriormente era enviado a \"balazs@email.com\", y el contenido del correo electrónico que contenía un enlace al sitio del atacante era renderizado en el HTML. Esto ha sido mitigado en las siguientes versiones, simplemente no renderizando ese correo electrónico en el HTML, ya que debería ser obvio para el receptor qué correo electrónico fue usado: los usuarios de next-auth versiones v3 anteriores a 3.29.8 están afectados. (Recomendamos actualizar a la versión v4, ya que la versión v3 es considerada sin mantenimiento. Los usuarios de next-auth versiones v4 anteriores a 4.9.0 están afectados. Si por alguna razón no puedes actualizar, la mitigación requiere que sea saneado el parámetro \"email\" que es pasado a \"sendVerificationRequest\" y es mostrado en el HTML. Si no has creado un \"sendVerificationRequest\" personalizado, sólo tienes que actualizar. En caso contrario, asegúrese de excluir \"email\" del cuerpo del HTML o de sanearlo eficazmente"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.7},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.29.8","matchCriteriaId":"D6D5F0DD-25B0-4A7E-9F90-04E6D3A910EE"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextauth.js:next-auth:*:*:*:*:*:node.js:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.9.0","matchCriteriaId":"F1463014-6B40-4A67-B484-F9102997C292"}]}]}],"references":[{"url":"https://github.com/nextauthjs/next-auth/commit/ae834f1e08a4a9915665eecb9479c74c6b039c9c","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.9.0","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/nextauthjs/next-auth/security/advisories/GHSA-pgjx-7f9g-9463","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://next-auth.js.org/getting-started/upgrade-v4","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://next-auth.js.org/providers/email#customizing-emails","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/nextauthjs/next-auth/commit/ae834f1e08a4a9915665eecb9479c74c6b039c9c","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nextauthjs/next-auth/releases/tag/next-auth%40v4.9.0","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/nextauthjs/next-auth/security/advisories/GHSA-pgjx-7f9g-9463","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://next-auth.js.org/getting-started/upgrade-v4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://next-auth.js.org/providers/email#customizing-emails","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}