Vulnerability Details CVE-2024-22206
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.6%
CVSS Severity
CVSS v3 Score 9.0
References
- https://clerk.com/changelog/2024-01-12
- https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
- https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg
- https://clerk.com/changelog/2024-01-12
- https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
- https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg
Products affected by CVE-2024-22206
-
cpe:2.3:a:clerk:javascript:*