November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – DarkCrystal RAT (DCRat) Targeting Ukrainian Telecommunications Operators – Active IOCs- Russian-Ukrainian Cyber Warfare
June 27, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
June 28, 2022Rewterz Threat Alert – DarkCrystal RAT (DCRat) Targeting Ukrainian Telecommunications Operators – Active IOCs- Russian-Ukrainian Cyber Warfare
June 27, 2022Rewterz Threat Alert – APT Group Gamaredon – Active IOCs
June 28, 2022
Severity
High
Analysis Summary
CVE-2022-31093
Node.js next-auth module is vulnerable to a denial of service, caused by improper handling of callbackUrl. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause an unhandled error to be thrown.
Impact
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2022-31093
Affected Vendors
- Node.js
Affected Products
- Node.js Node.js
- Node.js next-auth 3.29.4
- Node.js next-auth 4.4.0
Remediation
Upgrade to the latest version of next-auth, available from the nextauthjs GIT Repository.