@workos-inc/authkit-nextjs is vulnerable to Session Fixation. The vulnerability is due to improper handling of expired sessions within session.ts, which allows an attacker to reuse an expired session by controlling the x-workos-session header.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | @workos-inc/authkit-nextjs | le | 0.4.1 |