When sending a blank GET request to /api/auth/login using @thirdweb/auth in Next.js (and Express.js as well), the whole server crashes because of an unexpected token in this line of code.
This might be a vulnerability because this is a way to crash the whole backend with one single request.
Also to mention that the atob method used here is deprecated.
error - node_modules/@thirdweb-dev/auth/next/evm/dist/thirdweb-dev-auth-next-evm.esm.js (20:0) @ handler$2
error - SyntaxError: Unexpected token º in JSON at position 0
at JSON.parse (<anonymous>)
Possible solutions
Replace the deprecated atob method with the modern Buffer.from method.
Handle the case where the req.query.payload is null or undefined.
Catch server errors in the whole route handler.
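The three suggestions above combined into one sketch. This is an added example, not code from the issue or from the thirdweb SDK: `parseLoginPayload`, `withErrorBoundary`, `loginHandler` and `MAX_PAYLOAD_CHARS` are hypothetical names, and it assumes `req.query.payload` is expected to carry a base64-encoded JSON object, as the `atob` and `JSON.parse` references in the report suggest.

```javascript
// Added example, not the SDK's code. All names here are hypothetical.
const MAX_PAYLOAD_CHARS = 8192; // assumed cap, tune to the real payload size
const BASE64_RE = /^[A-Za-z0-9+/]+={0,2}$/;

// Returns { ok: true, value } or { ok: false, status, error }; never throws.
function parseLoginPayload(query) {
  const raw = query ? query.payload : undefined;
  // Absent parameters are undefined; repeated ones arrive as arrays.
  if (typeof raw !== "string" || raw.length === 0) {
    return { ok: false, status: 400, error: "missing payload" };
  }
  // Buffer.from(..., "base64") does not throw on malformed input, so check first.
  if (raw.length > MAX_PAYLOAD_CHARS || !BASE64_RE.test(raw)) {
    return { ok: false, status: 400, error: "payload is not valid base64" };
  }
  let value;
  try {
    value = JSON.parse(Buffer.from(raw, "base64").toString("utf8"));
  } catch (err) {
    return { ok: false, status: 400, error: "payload is not valid JSON" };
  }
  if (value === null || typeof value !== "object" || Array.isArray(value)) {
    return { ok: false, status: 400, error: "payload must be a JSON object" };
  }
  return { ok: true, value };
}

// Last line of defence: an exception in a route becomes a 500, not a crash.
function withErrorBoundary(handler) {
  return async function (req, res) {
    try {
      return await handler(req, res);
    } catch (err) {
      console.error("auth route error:", err);
      if (!res.headersSent) res.status(500).json({ error: "internal error" });
    }
  };
}

const loginHandler = withErrorBoundary(async (req, res) => {
  const parsed = parseLoginPayload(req.query);
  if (!parsed.ok) return res.status(parsed.status).json({ error: parsed.error });
  // Signature verification of parsed.value would continue here.
  return res.status(200).json({ received: true });
});
```

A request without `payload` now gets a 400 response, and any exception that still escapes a handler is logged and answered with a 500 without echoing internals to the client.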
However, during installation of the Auth SDK, I get an error about NextJS13 conflict. I tried using legacy-peer-deps; however, after installation, no data could be pulled from ThirdWebAuth. Might you know what's the issue here?