Description
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.
A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
Published: 2024-03-29
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

No analysis available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2024-0799 The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js. A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
Github GHSA Github GHSA GHSA-35w3-6qhc-474v @workos-inc/authkit-nextjs session replay vulnerability
History

Thu, 11 Dec 2025 18:00:00 +0000

Type Values Removed Values Added
First Time appeared Workos authkit-nextjs
CPEs cpe:2.3:a:workos:authkit:*:*:*:*:*:node.js:*:* cpe:2.3:a:workos:authkit-nextjs:*:*:*:*:*:node.js:*:*
Vendors & Products Workos authkit
Workos authkit-nextjs

Wed, 07 May 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Workos
Workos authkit
CPEs cpe:2.3:a:workos:authkit:*:*:*:*:*:node.js:*:*
Vendors & Products Workos
Workos authkit

Subscriptions

Workos Authkit-nextjs
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T01:17:58.024Z

Reserved: 2024-03-21T15:12:09.000Z

Link: CVE-2024-29901

cve-icon Vulnrichment

Updated: 2024-08-02T01:17:58.024Z

cve-icon NVD

Status : Analyzed

Published: 2024-03-29T16:15:08.337

Modified: 2025-12-11T17:45:43.453

Link: CVE-2024-29901

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses