Vulnerabilities

 1 via 1 paths

Dependencies

 174

Source

 GitHub

Commit

 d6e57ff2

Find, fix and prevent vulnerabilities in your code.

Test and protect my applications
Issue type
  • 1
  • 1
Severity
  • 2
Status
  • 2
  • 0
  • 0

high severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: @clerk/backend
  • Introduced through: @clerk/nextjs@5.7.5

Detailed paths

  • Introduced through: devflow-application@RohitKS7/devflow-application#d6e57ff211330d057a106434d2d12d5b89747cde @clerk/nextjs@5.7.5 @clerk/backend@1.14.1
    Remediation: Upgrade to @clerk/nextjs@6.21.0.

Overview

@clerk/backend is a Clerk Backend SDK - REST Client for Backend API & JWT verification utilities

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verifyWebhook() function. An attacker can cause unauthorized actions to be accepted by submitting improperly signed webhook events.

Workaround

This vulnerability can be mitigated by manually verifying webhooks as described in the official documentation.

Remediation

Upgrade @clerk/backend to version 2.4.0 or higher.

References

Improper Verification of Cryptographic Signature vulnerability report

high severity

GPL-2.0 license

  • Module: tinymce
  • Introduced through: @tinymce/tinymce-react@5.1.1

Detailed paths

  • Introduced through: devflow-application@RohitKS7/devflow-application#d6e57ff211330d057a106434d2d12d5b89747cde @tinymce/tinymce-react@5.1.1 tinymce@7.9.1

GPL-2.0 license

GPL-2.0 license vulnerability report