Authkit Nextjs
CVE-2024-29901
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in v0.4.2.
AnalysisAI
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.
Technical ContextAI
This vulnerability is classified under CWE-294. The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the x-workos-session header. The vulnerability is patched in v0.4.2. Affected products include: Workos Authkit-Nextjs.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Authkit Nextjs
View allThe AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & Aut
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & Aut
Same weakness CWE-294 – Authentication Bypass by Capture-replay
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today