Vulnerabilities > CVE-2024-22206 - Unspecified vulnerability in Clerk Javascript
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://clerk.com/changelog/2024-01-12
- https://clerk.com/changelog/2024-01-12
- https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
- https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3
- https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg
- https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg