AIKIDO-2024-10353
@kinde-oss/kinde-auth-nextjs is vulnerable to Improper Certificate Validation
95
Critical
@kinde-oss/kinde-auth-nextjs js
AIKIDO-2024-10353: @kinde-oss/kinde-auth-nextjs is vulnerable to Improper Certificate Validation in versions 1.8.3 - 2.3.11.
Improper Certificate Validation
Vuln in 1.8.3 - 2.3.11
Fixed in 2.3.12
No CVE available
TL;DR
Affected versions of the package are vulnerable to login bypass. The certificate is not validated on the authentication check.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade @kinde-oss/kinde-auth-nextjs library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US