基于中间件的路线保护绕过 · 公告 · clerk/javascript · GitHub

github.com 2026-04-25View in English →日本語 →

Security AdvisoryGHSA-vqx2-fgx2-5wq9HighClerk

Affected:

@clerk/astro >= 0.0.1, <= 2.17.9
@clerk/astro >= 3.0.0, < 3.0.14
@clerk/nextjs >= 5.0.0, <= 6.39.1
@clerk/nextjs >= 7.0.0, < 7.2.0
@clerk/nuxt >= 1.1.0, <= 1.13.27

Fixed in:

@clerk/astro 1.5.7
@clerk/astro 2.17.10
@clerk/astro 3.0.15
@clerk/nextjs 5.7.6
@clerk/nextjs 6.39.2

Referenced CVEs: CVE-2026-41248 · 9.1

本文由本平台从 github.com 自动抓取，经 LLM 流水线清洗、双语翻译。版权归原作者。查看原文。

同源更多文章

Pillow库图像解析整数溢出漏洞分析 2026-05-09 Pillow整数/缓冲区溢出漏洞分析及修复 2026-05-09 go-pkgz/auth Patreon认证逻辑缺陷修复 2026-05-09 go-pkgz/auth Patreon身份映射缺陷致账户合并漏洞 2026-05-09 Pillow/Scikit-image循环引用漏洞分析(CVSS 8.4) 2026-05-09