Опубликовано: 20 нояб. 2025
Источник: github
Github: Прошло ревью
CVSS4: 6.6
CVSS3: 7.5
Описание
Clerk-js vulnerable to bypass of OAuth authentication flow by manipulating request at OTP verification stage
An issue was discovered in Clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage.
Пакеты
Наименование
@clerk/clerk-js
npm
Затронутые версииВерсия исправления
<= 5.88.0
Отсутствует
Связанные уязвимости
nvd
3 месяца назад
Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.