CVE-2024-29901
CVSS v3.1
4.8 (Medium)
EPSS
0.04 % (16th)
Advisories
1
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.
A user can reuse an expired session by controlling the x-workos-session
header. The vulnerability is patched in v0.4.2.
Weaknesses
- CWE-294
- Authentication Bypass by Capture-replay
- CVE Status
- PUBLISHED
- CNA
- GitHub, Inc.
- Published Date
-
2024-03-29 16:15:08
(5 months ago) - Updated Date
-
2024-04-01 01:12:59
(5 months ago)
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...