VYPR
Moderate severityNVD Advisory· Published Mar 29, 2024· Updated Aug 2, 2024

@workos-inc/authkit-nextjs session replay vulnerability

CVE-2024-29901

Description

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in v0.4.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@workos-inc/authkit-nextjsnpm
< 0.4.20.4.2

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.