Impact Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. Affected Versions All applications that that use @clerk/nextjs versions in the range of >= 4.7.0,< 4.29.3 in a Next.js backend to authenticate API Routes, App Router, or Route handlers. Specifically, those that call auth() in the App Router or getAuth() in the Pages Router. Only the @clerk/nextjs SDK is impacted. Other SDKs, including other Javascript-based SDKs, are not impacted. Patches Fix included in @clerk/nextjs@4.29.3. References https://clerk.com/changelog/2024-01-12…Read More
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
