Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS01d21nLTljdmgtcXcyNc4ABA_R

@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled

Impact

Refresh tokens are logged to the console when the disabled by default debug flag, is enabled.

Patches

Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2

Permalink: https://github.com/advisories/GHSA-5wmg-9cvh-qw25
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01d21nLTljdmgtcXcyNc4ABA_R
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 months ago
Updated: about 2 months ago


EPSS Percentage: 0.00045
EPSS Percentile: 0.1735

Identifiers: GHSA-5wmg-9cvh-qw25, CVE-2024-51752
References: Repository: https://github.com/workos/authkit-nextjs
Blast Radius: 1.0

Affected Packages

npm:@workos-inc/authkit-nextjs
Dependent packages: 0
Dependent repositories: 0
Downloads: 17,842 last month
Affected Version Ranges: < 0.13.2
Fixed in: 0.13.2
All affected versions: 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.1, 0.6.2, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0, 0.13.1
All unaffected versions: 0.13.2, 0.14.0, 0.15.0, 0.16.0, 0.16.1, 0.16.2