漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
@clerk/backend Performs Insufficient Verification of Data Authenticity
Vulnerability Description
Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
对数据真实性的验证不充分
Vulnerability Title
Official Clerk JavaScript SDKs 数据伪造问题漏洞
Vulnerability Description
Official Clerk JavaScript SDKs是Clerk开源的一个用于 Clerk 身份验证的官方 Javascript 存储库。 Official Clerk JavaScript SDKs存在数据伪造问题漏洞,该漏洞源于verifyWebhook验证不足,可能导致接受未签名webhook事件。
CVSS Information
N/A
Vulnerability Type
N/A