CVE-2024-29901

CVSS v3.1 4.8 (Medium)

EPSS 0.04 % (16^th)

Advisories 1

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.
A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in v0.4.2.

Weaknesses

CWE-294: Authentication Bypass by Capture-replay

CVE Status: PUBLISHED
CNA: GitHub, Inc.
Published Date: 2024-03-29 16:15:08
(5 months ago)
Updated Date: 2024-04-01 01:12:59
(5 months ago)