Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Impact
Refresh tokens are logged to the console when the disabled by default debug flag, is enabled.
Patches
Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1
Permalink: https://github.com/advisories/GHSA-v2qh-f584-6hj8JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: 1 day ago
Updated: 1 day ago
Identifiers: GHSA-v2qh-f584-6hj8, CVE-2024-51753
References:
- https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8
- https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06
- https://github.com/workos/authkit-remix/releases/tag/v0.4.1
- https://nvd.nist.gov/vuln/detail/CVE-2024-51753
- https://github.com/advisories/GHSA-v2qh-f584-6hj8
Blast Radius: 1.0
Affected Packages
npm:@workos-inc/authkit-remix
Dependent packages: 0Dependent repositories: 0
Downloads: 1,065 last month
Affected Version Ranges: < 0.4.1
Fixed in: 0.4.1
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0
All unaffected versions: 0.4.1