CVE-2024-22206

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-22206

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-22206.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-22206

Aliases

GHSA-q6w5-jg5q-47vg

Related

GHSA-q6w5-jg5q-47vg

Published

2024-01-12T20:15:47Z

Modified

2025-05-17T08:33:23Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.

References

Affected packages

Git / github.com/clerk/javascript

Affected ranges

Type: GIT
Repo: https://github.com/clerk/javascript
Events: Introduced

b7b1fb6d2a1af5d5e6db7f6349e018966f1e0afd

Fixed

18aba588b53bf08a339ca890933c1e0b6a88c870