CVE-2024-29901

HIGH Year: 2024
CVSS v3 Score
8.1
High
Weakness Type
CWE-294
View all →

Vulnerability Description

The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.

Related Vulnerabilities

CVE-2017-5251

HIGH
CVSS:8.1(High)

In version 1012 and prior of Insteon's Insteon Hub, the radio transmissions used for communication between the hub and connected devices are not encrypted.

CWE-2942017

CVE-2018-17935

HIGH
CVSS:8.1(High)

All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are reproducible by sniffing and re-transmission. This can lead to unauthorized replay of a command, spoofing of a...

CWE-2942018

CVE-2019-12887

HIGH
CVSS:8.1(High)

KeyIdentity LinOTP before 2.10.5.3 has Incorrect Access Control (issue 1 of 2).

CWE-2942019

CVE-2019-13533

HIGH
CVSS:8.1(High)

In Omron PLC CJ series, all versions, and Omron PLC CS series, all versions, an attacker could monitor traffic between the PLC and the controller and replay requests that could result in the opening a...

CWE-2942019

CVE-2020-27157

HIGH
CVSS:8.1(High)

Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to ...

CWE-2942020