An issue was discovered in clerk-js 5.88.0 allowing attackers to bypass the OAuth authentication flow by manipulating the request at the OTP verification stage. NOTE: this is disputed by the Supplier because there is no available information to reproduce the issue, and because an OAuth authentication flow issue would be fixed in a backend component, not within clerk-js itself (which is solely a frontend component).

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| @clerk/clerk-js (npm) | 0 | N/A | N/A |

CVSS Metrics