Clerk helps developers build user management. Applications that use the verifyWebhook() helper to verify incoming Clerk webhooks are susceptible to accepting improperly signed webhook events. The issue was resolved in @clerk/backend 2.4.0.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| @clerk/backend(npm) | 2.0.0 | 2.4.0 | N/A |
| @clerk/astro(npm) | 2.9.0 | 2.10.2 | N/A |
| @clerk/express(npm) | 1.6.0 | 1.7.4 | N/A |
| @clerk/fastify(npm) | 2.3.0 | 2.4.4 | N/A |
| @clerk/nextjs(npm) | 6.2.10 | 6.23.3 | N/A |
| @clerk/nuxt(npm) | 1.7.0 | 1.7.5 | N/A |
| @clerk/react-router(npm) | 1.5.0 | 1.6.4 | N/A |
| @clerk/remix(npm) | 4.8.0 | 4.8.5 | N/A |
| @clerk/tanstack-react-start(npm) | 0.16.0 | 0.18.3 | N/A |
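
To check a project against the ranges in the table above, the following added example (not part of the advisory and not Clerk's code) scans the `packages` map of a package-lock.json, including copies nested under another package's node_modules. The function names and the sample lockfile are constructed for illustration.

```javascript
// Affected ranges from the advisory table: introduced <= version < fixed.
const AFFECTED = new Map([
  ["@clerk/backend", ["2.0.0", "2.4.0"]],
  ["@clerk/astro", ["2.9.0", "2.10.2"]],
  ["@clerk/express", ["1.6.0", "1.7.4"]],
  ["@clerk/fastify", ["2.3.0", "2.4.4"]],
  ["@clerk/nextjs", ["6.2.10", "6.23.3"]],
  ["@clerk/nuxt", ["1.7.0", "1.7.5"]],
  ["@clerk/react-router", ["1.5.0", "1.6.4"]],
  ["@clerk/remix", ["4.8.0", "4.8.5"]],
  ["@clerk/tanstack-react-start", ["0.16.0", "0.18.3"]],
]);

// Numeric major.minor.patch compare; prerelease/build suffixes are ignored (review those by hand).
function cmpVersion(a, b) {
  const pa = a.split(/[-+]/)[0].split(".").map(Number);
  const pb = b.split(/[-+]/)[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Walk every installed copy in a lockfile (lockfileVersion 2/3), nested copies included.
function findAffected(lock) {
  const marker = "node_modules/";
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf(marker);
    const name = i < 0 ? "" : path.slice(i + marker.length);
    const range = AFFECTED.get(name);
    if (!range || !meta.version) continue;
    if (cmpVersion(meta.version, range[0]) >= 0 && cmpVersion(meta.version, range[1]) < 0) {
      hits.push({ path, name, version: meta.version, fixed: range[1] });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from the advisory).
const SAMPLE_LOCK = { packages: {
  "": { name: "demo-app" },
  "node_modules/@clerk/nextjs": { version: "6.23.3" },   // at the fixed version
  "node_modules/@clerk/express": { version: "1.6.2" },   // inside the affected range
  "node_modules/@clerk/express/node_modules/@clerk/backend": { version: "2.1.0" }, // nested copy
  "node_modules/@clerk/remix": { version: "4.7.9" },     // older than "Introduced"
} };
console.log(findAffected(SAMPLE_LOCK));
```

A nested @clerk/backend copy can remain in the affected range even when the top-level framework package has been upgraded, so each reported `path` should be resolved separately.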
CVSS Metrics