CVE-2024-29901

High

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can…

GitHub_M·CWE-294·Published 2024-03-29

CVSS

8.1

EPSS

0.01

KEV

Exploits

cve.orgen

249 chars

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.

NVDen

249 chars

OSV.deven

179 chars

### Impact A user can reuse an expired session by controlling the `x-workos-session` header. ### Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2

GHSAen

179 chars

### Impact A user can reuse an expired session by controlling the `x-workos-session` header. ### Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2

NVDes

277 chars

La librería AuthKit para Next.js proporciona ayudas para la autenticación y la gestión de sesiones utilizando WorkOS y AuthKit con Next.js. Un usuario puede reutilizar una sesión caducada controlando el encabezado `x-workos-session`. La vulnerabilidad está parcheada en v0.4.2.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	8.1	2.2	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	4.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Primary	cve.org	4.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	GHSA	4.8	—	—	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
3.1	Secondary	NVD	4.8	2.2	2.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N