CVE-2024-22206: @clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)

Severity: Critical

CVSS Score: 9.1

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.