CVE-2024-29901

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-29901

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-29901.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-29901

Aliases

GHSA-35w3-6qhc-474v

Published

2024-03-29T16:15:08Z

Modified

2024-05-14T13:10:49.525056Z

Summary

[none]

Details

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in v0.4.2.

References

Affected packages

Git / github.com/workos/authkit-nextjs

Affected ranges

Type: GIT
Repo: https://github.com/workos/authkit-nextjs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

6c3f4f3179d66cbb15de3962792083ff3b244a01

Affected versions

v0.*

v0.1.0

v0.1.0-rc.0

v0.1.0-rc.1

v0.1.0-rc.2

v0.1.0-rc.3

v0.2.0

v0.3.0

v0.3.0-rc.0

v0.4.0

v0.4.1