CVE-2024-22206

critical

Description

Clerk helps developers build user management. A logic flaw in auth() in the App Router or getAuth() in the Pages Router allows unauthorized access or privilege escalation. This vulnerability was patched in version 4.29.3.

References

https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg

https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3

https://clerk.com/changelog/2024-01-12

Details

Source: Mitre, NVD

Published: 2024-01-12

Updated: 2024-01-22

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical