Vulnerabilities

1 via 1 paths

Dependencies

180

Source

GitHub

Commit

d6e57ff2

Find, fix and prevent vulnerabilities in your code.

Issue type
  • 1
  • 1
Severity
  • 2
Status
  • 2
  • 0
  • 0

high severity

Improper Verification of Cryptographic Signature

  • Vulnerable module: @clerk/backend
  • Introduced through: @clerk/nextjs@5.7.5

Detailed paths

  • Introduced through: devflow-application@RohitKS7/devflow-application#d6e57ff211330d057a106434d2d12d5b89747cde @clerk/nextjs@5.7.5 @clerk/backend@1.14.1
    Remediation: Upgrade to @clerk/nextjs@6.21.0.

Overview

@clerk/backend is a Clerk Backend SDK - REST Client for Backend API & JWT verification utilities

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via the verifyWebhook() function. An attacker can cause unauthorized actions to be accepted by submitting improperly signed webhook events.

Workaround

This vulnerability can be mitigated by manually verifying webhooks as described in the official documentation.

Remediation

Upgrade @clerk/backend to version 2.4.0 or higher.

References

high severity

GPL-2.0 license

  • Module: tinymce
  • Introduced through: @tinymce/tinymce-react@5.1.1

Detailed paths

  • Introduced through: devflow-application@RohitKS7/devflow-application#d6e57ff211330d057a106434d2d12d5b89747cde @tinymce/tinymce-react@5.1.1 tinymce@7.9.1

GPL-2.0 license