AI Score: 5.2 (Medium), Confidence: High
EPSS: 0.0004 (Low), Percentile: 15.1%
A user can reuse an expired session by controlling the x-workos-session header.
Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.4.2
github.com/workos/authkit-nextjs
github.com/workos/authkit-nextjs/commit/6c3f4f3179d66cbb15de3962792083ff3b244a01
github.com/workos/authkit-nextjs/releases/tag/v0.4.2
github.com/workos/authkit-nextjs/security/advisories/GHSA-35w3-6qhc-474v
nvd.nist.gov/vuln/detail/CVE-2024-29901