Vulnerability CVE-2024-22206


Published: 2024-01-12

Description:
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.

Type:

CWE-287

(Improper Authentication)

 References:
https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg
https://clerk.com/changelog/2024-01-12
https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3

Copyright 2026, cxsecurity.com

 

Back to Top