Vulnerability Description
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Clerk | Javascript | >= 4.7.0, < 4.29.3 |
Related Weaknesses (CWE)
References
- https://clerk.com/changelog/2024-01-12Release NotesVendor Advisory
- https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3PatchRelease Notes
- https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vgPatchVendor Advisory
- https://clerk.com/changelog/2024-01-12Release NotesVendor Advisory
- https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3PatchRelease Notes
- https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vgPatchVendor Advisory
FAQ
What is CVE-2024-22206?
CVE-2024-22206 is a vulnerability with a CVSS score of 9.0 (CRITICAL). Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patch...
How severe is CVE-2024-22206?
CVE-2024-22206 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-22206?
Check the references section above for vendor advisories and patch information. Affected products include: Clerk Javascript.