CNNVD-202507-1349 Information
Jul 09, 2025
cve
CNNVD ID
CNNVD-202507-1349
Related CVE
- CNNVD Published: 2025-07-09
Description (Chinese)
Official Clerk JavaScript SDKs是Clerk开源的一个用于 Clerk 身份验证的官方 Javascript 存储库。 Official Clerk JavaScript SDKs存在数据伪造问题漏洞,该漏洞源于verifyWebhook验证不足,可能导致接受未签名webhook事件。
Description (English)
The Office Clerk JavaScript SDKs is an official Javascript repository for Clerk authentication. There is a gap in data forgery in the Office Clerk JavaScript SDKs, which stems from the inadequate validation of the VerifyWebhook, which may lead to the acceptance of unsigned webcast.
Hazard Level
Medium
Vulnerability Type
数据伪造问题
Affected Vendor
Clever
Published
2025-07-09
Last Modified
2026-02-24
References
https://github.com/clerk/javascript/security/advisories/GHSA-9mp4-77wg-rwx9
Patch
https://github.com/clerk/javascript/releases
Share on: