Vulnerability Information
Vulnerability Title
@workos-inc/authkit-nextjs session replay vulnerability
Vulnerability Description
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
Vulnerability Type
Authentication Bypass by Capture-replay
Vulnerability Title
AuthKit Next.js Library security vulnerability
Vulnerability Description
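AuthKit Next.js Library is an AuthKit library for Next.js, open-sourced by WorkOS. AuthKit Next.js Library contains a security vulnerability that stems from allowing an attacker to reuse an expired session by controlling the `x-workos-session` header.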
CVSS Information
N/A
Vulnerability Type
N/A