Sokratisvidros

**Name of the Vulnerable Software and Affected Versions** Clerk versions prior to 4.29.3 **Description** The issue is related to unauthorized access or privilege escalation due to a logic flaw in the `auth()` function in the App Router or the `getAuth()` function in the Pages Router. This flaw affects applications that use the `@clerk/nextjs` SDK in a Next.js backend to authenticate API Routes, App Router, or Route handlers. **Recommendations** For versions prior to 4.29.3, update to version 4.29.3 to resolve the issue. As a temporary workaround, consider disabling the `auth()` function in the App Router or the `getAuth()` function in the Pages Router until the patch is applied. Restrict access to the affected API Routes, App Router, or Route handlers to minimize the risk of exploitation.