CVE-2024-51752: @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Refresh tokens are logged to the console when the debug flag, which is
disabled by default, is enabled.
References
- github.com/advisories/GHSA-5wmg-9cvh-qw25
- github.com/workos/authkit-nextjs
- github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7
- github.com/workos/authkit-nextjs/releases/tag/v0.13.2
- github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25
- nvd.nist.gov/vuln/detail/CVE-2024-51752