Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S

@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled

Impact

Refresh tokens are logged to the console when the disabled by default debug flag, is enabled.

Patches

Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1

Permalink: https://github.com/advisories/GHSA-v2qh-f584-6hj8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 1 month ago
Updated: about 1 month ago


EPSS Percentage: 0.00045
EPSS Percentile: 0.16747

Identifiers: GHSA-v2qh-f584-6hj8, CVE-2024-51753
References: Repository: https://github.com/workos/authkit-remix
Blast Radius: 1.0

Affected Packages

npm:@workos-inc/authkit-remix
Dependent packages: 0
Dependent repositories: 0
Downloads: 2,892 last month
Affected Version Ranges: < 0.4.1
Fixed in: 0.4.1
All affected versions: 0.1.0, 0.2.0, 0.3.0, 0.3.1, 0.4.0
All unaffected versions: 0.4.1, 0.5.0, 0.6.0, 0.7.0