GHSA-xg6x-h9c9-2m83: better-auth Authentication Bypass
Platform: nodejs
Component: better-auth
Fixed in: 1.4.9
GHSA-xg6x-h9c9-2m83 is a critical authentication bypass vulnerability in better-auth. Under certain configurations, sessions may be considered valid before two-factor authentication (2FA) is fully completed, allowing access to authenticated routes without proper verification. This occurs when `session.cookieCache` is enabled. Upgrade to version 1.4.9 to resolve this issue.
How to fix
No official patch available. Check for workarounds or monitor for updates.
Frequently asked questions
What is GHSA-xg6x-h9c9-2m83?
GHSA-xg6x-h9c9-2m83 is an authentication bypass vulnerability in better-auth that can occur when 2FA is enabled and `session.cookieCache` is used.
Am I affected by GHSA-xg6x-h9c9-2m83?
You are affected if you are using a vulnerable version of better-auth with 2FA enabled and `session.cookieCache` enabled.
How do I fix GHSA-xg6x-h9c9-2m83?
Upgrade to better-auth version 1.4.9 or later.
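A triage check for the three conditions named above, added here as an example; it is not code from better-auth or from the advisory. It assumes every release before 1.4.9 is vulnerable (the page gives no lower bound), that the options object exposes `session.cookieCache.enabled`, and that the 2FA plugin object carries `id: "two-factor"`; `triage` and `isBeforeFix` are hypothetical names.

```javascript
// Added example: triage helper for GHSA-xg6x-h9c9-2m83 (not better-auth code).
const FIXED = [1, 4, 9]; // "Fixed in 1.4.9" per the advisory

// Parse "1.4.8" or "1.4.9-beta.2" into { nums: [1, 4, 8], pre: false }.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v).trim());
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

// True when the version sorts before the fixed release.
// Assumption: all earlier releases are treated as vulnerable.
function isBeforeFix(v) {
  const { nums, pre } = parseVersion(v);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return pre; // a pre-release such as 1.4.9-beta.1 precedes 1.4.9
}

// options: the object passed to betterAuth(). Assumed shapes:
// session.cookieCache.enabled, and a 2FA plugin object with id "two-factor".
function triage(version, options = {}) {
  const cookieCache = options.session?.cookieCache?.enabled === true;
  const twoFactor = (options.plugins ?? []).some((p) => p?.id === "two-factor");
  const oldVersion = isBeforeFix(version);
  return {
    oldVersion,
    cookieCache,
    twoFactor,
    affected: oldVersion && cookieCache && twoFactor,
  };
}

// Constructed sample configurations, not taken from a real deployment.
const tfa = { id: "two-factor" };
const samples = [
  ["1.4.8", { session: { cookieCache: { enabled: true } }, plugins: [tfa] }],
  ["1.4.8", { session: { cookieCache: { enabled: false } }, plugins: [tfa] }],
  ["1.4.9", { session: { cookieCache: { enabled: true } }, plugins: [tfa] }],
];
for (const [v, opts] of samples) console.log(v, triage(v, opts));
```

Feed it the version from your lockfile and the same options object your application passes to `betterAuth()`; an `affected: true` result means all three conditions from the FAQ hold.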