Описание
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
EPSS
Процентиль: 6%
0.00024
Низкий
7.5 High
CVSS3
Дефекты
CWE-345
Связанные уязвимости
CVSS3: 7.5
github
7 месяцев назад
@clerk/backend Performs Insufficient Verification of Data Authenticity
EPSS
Процентиль: 6%
0.00024
Низкий
7.5 High
CVSS3
Дефекты
CWE-345