Impact
Unauthorized access or privilege escalation due to a logic flaw in auth()
in the App Router or getAuth()
in the Pages Router.
Affected Versions
All applications that that use @clerk/nextjs
versions in the range of >= 4.7.0
,< 4.29.3
in a Next.js backend to authenticate API Routes, App Router, or Route handlers. Specifically, those that call auth()
in the App Router or getAuth()
in the Pages Router. Only the @clerk/nextjs
SDK is impacted. Other SDKs, including other Javascript-based SDKs, are not impacted.
Patches
Fix included in @clerk/[email protected]
.
References
Impact
Unauthorized access or privilege escalation due to a logic flaw in
auth()
in the App Router orgetAuth()
in the Pages Router.Affected Versions
All applications that that use
@clerk/nextjs
versions in the range of>= 4.7.0
,< 4.29.3
in a Next.js backend to authenticate API Routes, App Router, or Route handlers. Specifically, those that callauth()
in the App Router orgetAuth()
in the Pages Router. Only the@clerk/nextjs
SDK is impacted. Other SDKs, including other Javascript-based SDKs, are not impacted.Patches
Fix included in
@clerk/[email protected]
.References