Cmatheson

**Name of the Vulnerable Software and Affected Versions** AuthKit library for Next.js versions prior to 0.4.2 **Description** The issue allows a user to reuse an expired session by controlling the `x-workos-session` header. This can be exploited to bypass session expiration. **Recommendations** For versions prior to 0.4.2, update to version 0.4.2 to resolve the issue. As a temporary workaround, consider restricting access to the `x-workos-session` header to minimize the risk of exploitation.