High
Node.js next-auth module is vulnerable to a denial of service, caused by improper handling of callbackUrl. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an unhandled error to be thrown.
Upgrade to the latest version of next-auth, available from the nextauthjs GIT Repository.