Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01d21nLTljdmgtcXcyNc4ABA_R
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Impact
Refresh tokens are logged to the console when the debug flag, which is disabled by default, is enabled.
Patches
Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2
Permalink: https://github.com/advisories/GHSA-5wmg-9cvh-qw25
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01d21nLTljdmgtcXcyNc4ABA_R
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 month ago
Updated: about 1 month ago
EPSS Percentage: 0.00045
EPSS Percentile: 0.16747
Identifiers: GHSA-5wmg-9cvh-qw25, CVE-2024-51752
References:
- https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25
- https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7
- https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2
- https://nvd.nist.gov/vuln/detail/CVE-2024-51752
- https://github.com/advisories/GHSA-5wmg-9cvh-qw25
Blast Radius: 1.0
Affected Packages
npm:@workos-inc/authkit-nextjs
Dependent packages: 0
Dependent repositories: 0
Downloads: 16,565 last month
Affected Version Ranges: < 0.13.2
Fixed in: 0.13.2
All affected versions: 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.1, 0.5.2, 0.5.3, 0.6.1, 0.6.2, 0.7.0, 0.8.0, 0.8.1, 0.8.2, 0.9.0, 0.10.0, 0.10.1, 0.11.0, 0.11.1, 0.11.2, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.13.0, 0.13.1
All unaffected versions: 0.13.2, 0.14.0, 0.15.0, 0.16.0, 0.16.1