[NPM:GHSA-35W3-6QHC-474V] @workos-inc/authkit-nextjs session replay vulnerability

Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1

Impact

A user can reuse an expired session by controlling the x-workos-session header.

Patches

Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2

Affected version: pkg:npm/%40workos-inc/authkit-nextjs < 0.4.2
Fixed version: pkg:npm/%40workos-inc/authkit-nextjs = 0.4.2
ID: NPM:GHSA-35W3-6QHC-474V
Severity: moderate
URL: https://github.com/advisories/GHSA-35w3-6qhc-474v
Published: 2024-03-29T20:16:00
Modified: 2024-03-29T20:16:02
Rights: NPM Security Team
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Affected | pkg:npm/%40workos-inc/authkit-nextjs | @workos-inc | authkit-nextjs | < 0.4.2 | | | |
| Fixed | pkg:npm/%40workos-inc/authkit-nextjs | @workos-inc | authkit-nextjs | = 0.4.2 | | | |