Filtered by vendor Clerk
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-02-28 | N/A | 9.8 CRITICAL |
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | |||||
CVE-2022-3907 | 1 Clerk | 1 Clerk.io | 2024-02-28 | N/A | 7.5 HIGH |
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. |