npm package
@supabase/auth-js
pkg:npm/%40supabase/auth-js
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-48370 | Low | — | < 2.70.0 | 2.70.0 | May 27, 2025 | auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal, |
- affected < 2.70.0fixed 2.70.0
auth-js is an isomorphic Javascript library for Supabase Auth. Prior to version 2.70.0, the library functions getUserById, deleteUser, updateUserById, listFactors and deleteFactor did not require the user supplied values to be valid UUIDs. This could lead to a URL path traversal,