Описание
@workos-inc/authkit-nextjs session replay vulnerability
Impact
A user can reuse an expired session by controlling the x-workos-session header.
Patches
Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
Пакеты
Наименование
@workos-inc/authkit-nextjs
npm
Затронутые версииВерсия исправления
< 0.4.2
0.4.2
Связанные уязвимости
CVSS3: 4.8
nvd
почти 2 года назад
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.