Insufficient Session Expiration Affecting @workos-inc/authkit-nextjs package, versions <0.4.2


0.0
medium

Snyk CVSS

    Attack Complexity High

    Threat Intelligence

    EPSS 0.05% (15th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-JS-WORKOSINCAUTHKITNEXTJS-6514823
  • published 31 Mar 2024
  • disclosed 29 Mar 2024
  • credit Unknown

How to fix?

Upgrade @workos-inc/authkit-nextjs to version 0.4.2 or higher.

Overview

@workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js

Affected versions of this package are vulnerable to Insufficient Session Expiration that allows an attacker to reuse an expired session by manipulating the x-workos-session header.