Npm/@Clerk/Shared | GitLab Advisory Database (GLAD)

Official Clerk JavaScript SDKs: Middleware-based route protection bypass

createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowing them to skip middleware gating and reach downstream handlers. Sessions are not compromised and no existing user can be impersonated - the bypass only affects the middleware-level gating decision.

Advisories for Npm/@Clerk/Shared package