103 matches found
CVE-2024-22206
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth in the App Router or getAuth in the Pages Router. This vulnerability was patched in version 4.29.3...
CVE-2024-22206 @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth in the App Router or getAuth in the Pages Router. This vulnerability was patched in version 4.29.3...
CVE-2024-22206
Clerk/Next.js vulnerability CVE-2024-22206: a logic flaw in auth() (App Router) or getAuth() (Pages Router) could allow unauthorized access or privilege escalation. Affected versions are all that use @clerk/nextjs prior to the fix, with remediation provided by upgrading to @clerk/nextjs v4.29.3. ...