Cross-Site Request Forgery (CSRF)
Discription

next-auth is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists due to the missing `state`, `nonce`, and `PKCE` checks for OAuth authentication, which allows an attacker to bypass the CSRF protection.Read More

Back to Main

Subscribe for the latest news: