Open Redirect Affecting better-auth package, versions <1.1.20
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-JS-BETTERAUTH-8746067
- published25 Feb 2025
- disclosed24 Feb 2025
- creditSumeet, Shivaraj
Introduced: 24 Feb 2025
NewCVE-2025-27143 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
How to fix?
Upgrade better-auth to version 1.1.20 or higher.
Overview
better-auth is a The most comprehensive authentication library for TypeScript.
Affected versions of this package are vulnerable to Open Redirect due to improper validation of the `callbackURL parameter in the email verification endpoint and other endpoints that accept a callback URL.