@clerk/backend is a Clerk Backend SDK - REST Client for Backend API & JWT verification utilities
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verifyWebhook() function. An attacker can cause unauthorized actions to be accepted by submitting improperly signed webhook events.
Workaround
This vulnerability can be mitigated by manually verifying webhooks as described in the official documentation.
Remediation
Upgrade @clerk/backend to version 2.4.0 or higher.