THREATINT
PUBLISHED

CVE-2024-51753

Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix



Description

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions, refresh tokens are logged to the console when the `debug` flag, which is disabled by default, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Reserved 2024-10-31 | Published 2024-11-05 | Updated 2024-11-05 | Assigner GitHub_M


LOW: 2.1 | CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Problem types

CWE-532: Insertion of Sensitive Information into Log File

Product status

< 0.4.1
affected

References

github.com/...-remix/security/advisories/GHSA-v2qh-f584-6hj8

github.com/...ommit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06

github.com/workos/authkit-remix/releases/tag/v0.4.1

cve.org (CVE-2024-51753)

nvd.nist.gov (CVE-2024-51753)
