Security controls bypass or absence in @workos-inc/authkit-nextjs

Description

@workos-inc/authkit-nextjs session replay vulnerability

Impact

A user can reuse an expired session by controlling the x-workos-session header.
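
The trust problem described above, as an added example that is not code from authkit-nextjs or its patch: middleware discards any client-supplied copy of the internal header and re-sets it only from a session it validated on this request. Only the header name comes from the advisory; the function names, the plain-JSON session shape and the `exp` field are assumptions for illustration.

```javascript
// Added illustration, not authkit-nextjs source. Helper names and the JSON
// session shape are assumptions; only the header name is from the advisory.
const SESSION_HEADER = 'x-workos-session';

// Hypothetical validator: a session counts only while its expiry is in the future.
function isLive(session, nowSec) {
  return Boolean(session) && typeof session.exp === 'number' && session.exp > nowSec;
}

// Build the header set handed on to server-side code.
//   incoming:      Headers from the client request (untrusted)
//   cookieSession: session the middleware recovered itself, or null
function forwardHeaders(incoming, cookieSession, nowSec) {
  // Record whether the client tried to supply the internal header (useful for logging).
  const clientSupplied = incoming.has(SESSION_HEADER);
  const headers = new Headers(incoming);
  // Drop whatever arrived under the internal name before doing anything else.
  headers.delete(SESSION_HEADER);
  // Re-add it only from a session validated on this request.
  if (isLive(cookieSession, nowSec)) {
    headers.set(SESSION_HEADER, JSON.stringify(cookieSession));
  }
  return { headers, clientSupplied };
}

// Constructed sample input: a request that carries an expired session in the header.
const NOW = 1_700_000_000;
const expired = { user: 'alice', exp: NOW - 3600 };
const live = { user: 'alice', exp: NOW + 3600 };
const clientRequest = new Headers({
  accept: 'text/html',
  [SESSION_HEADER]: JSON.stringify(expired),
});

function demo() {
  const pick = (s) => forwardHeaders(clientRequest, s, NOW).headers.get(SESSION_HEADER);
  return {
    noCookie: pick(null),        // client header dropped, nothing forwarded
    expiredCookie: pick(expired), // expired session is not forwarded either
    liveCookie: pick(live),      // only the validated session is forwarded
    flagged: forwardHeaders(clientRequest, null, NOW).clientSupplied,
  };
}

console.log(demo());
```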

Patches

Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.
