Workos: >> Authkit >> 0.1.0 Security Vulnerabilities
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-11-05
The AuthKit library for Next.js provides helpers for authentication and session management using WorkOS & AuthKit with Next.js.
A user can reuse an expired session by controlling the `x-workos-session` header. The vulnerability is patched in v0.4.2.
CVSS Score
4.8
EPSS Score
0.004
Published
2024-03-29