GHSA-9x4v-xfq5-m8x5: Better Auth URL parameter HTML Injection (Reflected Cross-Site scripting)
The better-auth /api/auth/error page was vulnerable to HTML injection, resulting in a reflected cross-site scripting (XSS) vulnerability.
References
- github.com/advisories/GHSA-9x4v-xfq5-m8x5
- github.com/better-auth/better-auth
- github.com/better-auth/better-auth/blob/05ada0b79dbcac93cc04ceb79b23ca598d07830c/packages/better-auth/src/api/routes/error.ts
- github.com/better-auth/better-auth/commit/7ae340e2eddad641b7e43d24d37c58a66ce9ddcf
- github.com/better-auth/better-auth/security/advisories/GHSA-9x4v-xfq5-m8x5
Code Behaviors & Features
Detect and mitigate GHSA-9x4v-xfq5-m8x5 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →