
Session replay vulnerability

Moderate
cmatheson published GHSA-35w3-6qhc-474v Mar 28, 2024

Package

@workos-inc/authkit-nextjs (npm)

Affected versions

< 0.4.2

Patched versions

0.4.2

Description

Impact

A user can reuse an expired session by controlling the x-workos-session header.

Patches

Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
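
A defensive pattern for the header issue described under Impact, as an added example that is not code from authkit-nextjs or from the advisory. It assumes middleware hands session state to route handlers in `x-workos-session`, which the advisory does not state; `SESSIONS`, `sessionFromCookie`, `forwardHeaders` and `readSession` are hypothetical names, and the session data is constructed.

```javascript
// Added example; not authkit-nextjs code. Assumption: middleware passes session
// state to route handlers in an internal request header.
const SESSION_HEADER = 'x-workos-session'; // header named in the advisory

// Constructed sample sessions keyed by cookie value (hypothetical store; a real
// app would decrypt and verify a sealed cookie instead).
const SESSIONS = {
  'cookie-live': { user: 'alice', expiresAt: 2000 },
  'cookie-old': { user: 'bob', expiresAt: 500 },
};

// Return the session only if it exists and has not expired at time `now`.
function sessionFromCookie(cookieValue, now) {
  const s = SESSIONS[cookieValue];
  return s && s.expiresAt > now ? s : null;
}

// Middleware side: never forward the client's copy of the internal header.
function forwardHeaders(inbound, cookieValue, now) {
  const out = new Headers(inbound);
  out.delete(SESSION_HEADER); // drop anything the client supplied
  const s = sessionFromCookie(cookieValue, now);
  if (s) out.set(SESSION_HEADER, JSON.stringify(s)); // set only from verified state
  return out;
}

// Handler side: re-check expiry and reject malformed values.
function readSession(headers, now) {
  const raw = headers.get(SESSION_HEADER);
  if (!raw) return null;
  try {
    const s = JSON.parse(raw);
    return typeof s.expiresAt === 'number' && s.expiresAt > now ? s : null;
  } catch {
    return null;
  }
}
```

The handler-side expiry check is defence in depth only: the header is unsigned in this sketch, so stripping the inbound copy in the middleware is what keeps a client-supplied value from being trusted.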

Severity

Moderate

CVE ID

CVE-2024-29901

Weaknesses

No CWEs