PT-2025-8697 · Unknown · Better Auth
Published 2025-02-24 · Updated 2025-02-24
CVSS v4.0: 9.3 (Critical)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
better-auth (affected versions not specified)
Description
A security bypass was found in the better-auth library that results in an open redirect. An attacker can manipulate the callbackURL parameter to redirect victims to an attacker-controlled website, which can lead to account takeover by stealing password reset tokens. The issue arises from insufficient protection in the middleware and a weak regex pattern used for trusted-origin validation. The validation can be bypassed with specific payloads, such as //example.com (a protocol-relative reference that browsers treat as an absolute URL to another host), or with special characters in URLs when wildcard trusted-origin configurations are used.
Recommendations
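The check below is added here as an illustration and is not code from better-auth: it resolves callbackURL relative to the application's own origin and compares the parsed origin against an explicit allowlist instead of matching the raw string with a regex, so the protocol-relative //example.com form named in the description resolves to a foreign origin and is rejected, and a wildcard entry is matched on the parsed hostname only. APP_ORIGIN and TRUSTED_ORIGINS are hypothetical values.

```javascript
// Added example, not better-auth's own code. Hypothetical app origin and allowlist.
const APP_ORIGIN = "https://app.example";
// Exact origins, or "*." entries that match subdomains of the parsed hostname only.
const TRUSTED_ORIGINS = ["https://app.example", "https://*.partner.example"];

// Match the *parsed* target URL against the allowlist. Wildcards are applied to the
// hostname after parsing, so "@", "#", "?" or "\" in the raw input cannot widen a match.
function originIsTrusted(target, trusted) {
  for (const entry of trusted) {
    if (!entry.includes("*")) {
      if (entry === target.origin) return true;
      continue;
    }
    // Turn "https://*.partner.example" into a parseable template to read scheme/port/suffix.
    const tpl = new URL(entry.replace("*.", "wildcard."));
    if (tpl.protocol !== target.protocol || tpl.port !== target.port) continue;
    const suffix = tpl.hostname.slice("wildcard".length); // ".partner.example"
    if (target.hostname.length > suffix.length && target.hostname.endsWith(suffix)) return true;
  }
  return false;
}

// Resolve callbackURL against the app origin and return a safe absolute URL, or the
// app root when the value is missing, unparsable, non-http(s) or points off-allowlist.
function resolveCallbackURL(callbackURL, appOrigin = APP_ORIGIN, trusted = TRUSTED_ORIGINS) {
  const fallback = appOrigin + "/";
  if (typeof callbackURL !== "string" || callbackURL === "") return fallback;
  // Defence in depth: control characters and backslashes are never legitimate here
  // (WHATWG parsing treats "\" as "/" in http(s) URLs, so "/\evil.example" would
  // otherwise resolve to a foreign host and be caught by the origin check below).
  if (/[\u0000-\u001f\\]/.test(callbackURL)) return fallback;
  let target;
  try {
    // "/reset?token=..." resolves to https://app.example/reset?token=..., while the
    // protocol-relative "//evil.example/x" resolves to https://evil.example/x.
    target = new URL(callbackURL, appOrigin);
  } catch {
    return fallback;
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") return fallback;
  return originIsTrusted(target, trusted) ? target.href : fallback;
}

// Usage in a handler (constructed example): always redirect to the resolved value.
// res.redirect(302, resolveCallbackURL(req.query.callbackURL));
```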
As a temporary workaround, consider disabling the callbackURL parameter in the affected API endpoint until a patch is available. Restrict access to the vulnerable middleware to minimize the risk of exploitation. Avoid using wildcard configurations for trusted origins until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Better Auth