@next-auth/upstash-redis-adapter@1.1.1 vulnerabilities

Upstash adapter for next-auth. It uses Upstash's connectionless (HTTP based) Redis client.

latest version

3.0.4
latest non vulnerable version

3.0.4
first published

2 years ago
latest version published

a year ago
licenses detected
- ISC
  >=0
View @next-auth/upstash-redis-adapter package health on Snyk Advisor Open this link in a new tab

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the @next-auth/upstash-redis-adapter package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Improper Authentication @next-auth/upstash-redis-adapter is an Upstash adapter for next-auth. It uses Upstash's connectionless (HTTP based) Redis client. Affected versions of this package are vulnerable to Improper Authentication due to missing validation for both the identifier and the token in the `Upstash Redis` adapter. How to fix Improper Authentication? Upgrade `@next-auth/upstash-redis-adapter` to version 3.0.2 or higher.	<3.0.2

Improper Authentication

@next-auth/upstash-redis-adapter is an Upstash adapter for next-auth. It uses Upstash's connectionless (HTTP based) Redis client.

Affected versions of this package are vulnerable to Improper Authentication due to missing validation for both the identifier and the token in the Upstash Redis adapter.

How to fix Improper Authentication?

Upgrade @next-auth/upstash-redis-adapter to version 3.0.2 or higher.

<3.0.2

Go back to all versions of this package

@next-auth/upstash-redis-adapter@1.1.1 vulnerabilities

Upstash adapter for next-auth. It uses Upstash's connectionless (HTTP based) Redis client.

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities