Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Impact
Refresh tokens are logged to the console when the debug flag, which is
disabled by default, is enabled.
Patches
Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1
Permalink: https://github.com/advisories/GHSA-v2qh-f584-6hj8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
EPSS Percentage: 0.00045
EPSS Percentile: 0.1735
Identifiers: GHSA-v2qh-f584-6hj8, CVE-2024-51753
References:
- https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8
- https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06
- https://github.com/workos/authkit-remix/releases/tag/v0.4.1
- https://nvd.nist.gov/vuln/detail/CVE-2024-51753
- https://github.com/advisories/GHSA-v2qh-f584-6hj8
Blast Radius: 1.0
Affected Packages
npm:@workos-inc/authkit-remix
Dependent packages: 0
Dependent repositories: 0
Downloads: 4,248 last month
Affected Version Ranges: < 0.4.1
Fixed in: 0.4.1
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0
All unaffected versions: 0.4.1, 0.5.0, 0.6.0, 0.7.0, 0.7.1