Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
References
Link | Resource |
---|---|
https://clerk.com/changelog/2024-01-12 | Release Notes Vendor Advisory |
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3 | Patch Release Notes |
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-12T20:07:40.402Z
Updated: 2024-01-12T20:07:40.402Z
Reserved: 2024-01-08T04:59:27.373Z
Link: CVE-2024-22206
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-12T20:15:47.420
Modified: 2024-01-22T18:38:06.843
Link: CVE-2024-22206
JSON object: View
Redhat Information
No data.