43 matches found
CVE-2025-53548 @clerk/backend Performs Insufficient Verification of Data Authenticity
Clerk helps developers build user management. Applications that use the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0...
CVE-2025-53548
CVE-2025-53548 concerns Clerk’s verifyWebhook() validation. Across connected documents, the issue is that the verifyWebhook() helper may accept improperly signed webhook events, enabling signature forgery. The vulnerability is mitigated by upgrading to @clerk/backend 2.4.0, which properly parses ...
PT-2025-28943 · Clerk · @Clerk/Backend
Name of the Vulnerable Software and Affected Versions: @clerk/backend versions prior to 2.4.0 Description: Applications utilizing the verifyWebhook helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. Recommendations: Upgrade to @clerk/backend...