
5 vulnerabilities found for javascript by clerk

CVE-2025-53548 (GCVE-0-2025-53548)

Vulnerability from cvelistv5 – Published: 2025-07-09 17:12 – Updated: 2025-07-09 17:34
Title
@clerk/backend Performs Insufficient Verification of Data Authenticity
Summary
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
CWE
  • CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Vendor Product Version
clerk javascript Affected: < 2.4.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T17:34:18.708328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T17:34:36.765Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "javascript",
          "vendor": "clerk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T17:12:10.483Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/clerk/javascript/security/advisories/GHSA-9mp4-77wg-rwx9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/clerk/javascript/security/advisories/GHSA-9mp4-77wg-rwx9"
        }
      ],
      "source": {
        "advisory": "GHSA-9mp4-77wg-rwx9",
        "discovery": "UNKNOWN"
      },
      "title": "@clerk/backend Performs Insufficient Verification of Data Authenticity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53548",
    "datePublished": "2025-07-09T17:12:10.483Z",
    "dateReserved": "2025-07-02T15:15:11.516Z",
    "dateUpdated": "2025-07-09T17:34:36.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22206 (GCVE-0-2024-22206)

Vulnerability from cvelistv5 – Published: 2024-01-12 20:07 – Updated: 2024-11-14 15:42
Title
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Summary
Clerk helps developers build user management. A logic flaw in auth() in the App Router or getAuth() in the Pages Router of @clerk/nextjs can allow unauthorized access or privilege escalation. This vulnerability was patched in @clerk/nextjs version 4.29.3.
CWE
  • CWE-284 - Improper Access Control
  • CWE-287 - Improper Authentication
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
clerk javascript Affected: >= 4.7.0, < 4.29.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
          },
          {
            "name": "https://clerk.com/changelog/2024-01-12",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://clerk.com/changelog/2024-01-12"
          },
          {
            "name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T15:42:26.578504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T15:42:39.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "javascript",
          "vendor": "clerk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.7.0, \u003c 4.29.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T20:07:40.402Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
        },
        {
          "name": "https://clerk.com/changelog/2024-01-12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://clerk.com/changelog/2024-01-12"
        },
        {
          "name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
        }
      ],
      "source": {
        "advisory": "GHSA-q6w5-jg5q-47vg",
        "discovery": "UNKNOWN"
      },
      "title": "@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-22206",
    "datePublished": "2024-01-12T20:07:40.402Z",
    "dateReserved": "2024-01-08T04:59:27.373Z",
    "dateUpdated": "2024-11-14T15:42:39.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-53548 (GCVE-0-2025-53548)

Vulnerability from nvd – Published: 2025-07-09 17:12 – Updated: 2025-07-09 17:34
Title
@clerk/backend Performs Insufficient Verification of Data Authenticity
Summary
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
CWE
  • CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
Impacted products
Vendor Product Version
clerk javascript Affected: < 2.4.0

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-53548",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-07-09T17:34:18.708328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-07-09T17:34:36.765Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "javascript",
          "vendor": "clerk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.4.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-345",
              "description": "CWE-345: Insufficient Verification of Data Authenticity",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-07-09T17:12:10.483Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/clerk/javascript/security/advisories/GHSA-9mp4-77wg-rwx9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/clerk/javascript/security/advisories/GHSA-9mp4-77wg-rwx9"
        }
      ],
      "source": {
        "advisory": "GHSA-9mp4-77wg-rwx9",
        "discovery": "UNKNOWN"
      },
      "title": "@clerk/backend Performs Insufficient Verification of Data Authenticity"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-53548",
    "datePublished": "2025-07-09T17:12:10.483Z",
    "dateReserved": "2025-07-02T15:15:11.516Z",
    "dateUpdated": "2025-07-09T17:34:36.765Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-22206 (GCVE-0-2024-22206)

Vulnerability from nvd – Published: 2024-01-12 20:07 – Updated: 2024-11-14 15:42
Title
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Summary
Clerk helps developers build user management. A logic flaw in auth() in the App Router or getAuth() in the Pages Router of @clerk/nextjs can allow unauthorized access or privilege escalation. This vulnerability was patched in @clerk/nextjs version 4.29.3.
CWE
  • CWE-284 - Improper Access Control
  • CWE-287 - Improper Authentication
  • CWE-639 - Authorization Bypass Through User-Controlled Key
Assigner
Impacted products
Vendor Product Version
clerk javascript Affected: >= 4.7.0, < 4.29.3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T22:35:34.930Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
          },
          {
            "name": "https://clerk.com/changelog/2024-01-12",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://clerk.com/changelog/2024-01-12"
          },
          {
            "name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-22206",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-14T15:42:26.578504Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T15:42:39.402Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "javascript",
          "vendor": "clerk",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.7.0, \u003c 4.29.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284: Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-12T20:07:40.402Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
        },
        {
          "name": "https://clerk.com/changelog/2024-01-12",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://clerk.com/changelog/2024-01-12"
        },
        {
          "name": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
        }
      ],
      "source": {
        "advisory": "GHSA-q6w5-jg5q-47vg",
        "discovery": "UNKNOWN"
      },
      "title": "@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-22206",
    "datePublished": "2024-01-12T20:07:40.402Z",
    "dateReserved": "2024-01-08T04:59:27.373Z",
    "dateUpdated": "2024-11-14T15:42:39.402Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2024-22206

Vulnerability from fkie_nvd - Published: 2024-01-12 20:15 - Updated: 2024-11-21 08:55
Summary
Clerk helps developers build user management. A logic flaw in auth() in the App Router or getAuth() in the Pages Router can allow unauthorized access or privilege escalation. This vulnerability was patched in @clerk/nextjs version 4.29.3.
Impacted products
Vendor Product Version
clerk javascript * (versions >= 4.7.0, < 4.29.3 per the CPE match criteria in the record below)

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clerk:javascript:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "750A6387-63D6-4EB8-825D-D77873BC36CC",
              "versionEndExcluding": "4.29.3",
              "versionStartIncluding": "4.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"
    },
    {
      "lang": "es",
      "value": "Clerk ayuda a los desarrolladores a crear gesti\u00f3n de usuarios. Acceso no autorizado o escalada de privilegios debido a un fallo l\u00f3gico en auth() en App Router o getAuth() en Pages Router. Esta vulnerabilidad fue parcheada en la versi\u00f3n 4.29.3."
    }
  ],
  "id": "CVE-2024-22206",
  "lastModified": "2024-11-21T08:55:47.860",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-01-12T20:15:47.420",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://clerk.com/changelog/2024-01-12"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Release Notes"
      ],
      "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://clerk.com/changelog/2024-01-12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes"
      ],
      "url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        },
        {
          "lang": "en",
          "value": "CWE-287"
        },
        {
          "lang": "en",
          "value": "CWE-639"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}