34 matches found
CVE-2024-51752
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.13...
CVE-2024-51753
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.4.1. A...
CVE-2024-51752 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.13...
GHSA-5WMG-9CVH-QW25 @workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2...
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2...
PT-2024-34883
Name of the Vulnerable Software and Affected Versions AuthKit library for Next.js versions prior to 0.13.2 Description The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue...
AuthKit Next.js Library 日志信息泄露漏洞
AuthKit Next.js Library is an open source Next.js AuthKit library for WorkOS. A logging information disclosure vulnerability exists in the AuthKit Next.js Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...
DEBIAN-CVE-2023-23603
Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird 102.7...
Mozilla: Calls to <code>console.log</code> allowed bypasing Content Security Policy via format directive
The Mozilla Foundation Security Advisory describes this flaw as: Regular expressions used to filter out forbidden properties and values from style directives in calls to console.log weren't accounting for external URLs. Data could then be potentially exfiltrated from the browser...
Information Disclosure
ansible is vulnerable to information disclosure. The nolog feature is not enabled by default and confidential information such as secrets are logged to the console...
module: bitbucket_pipeline_variable exposes secured values
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...
Important: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and three bugs are now available for Red Hat Enterprise Linux 6.4 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a...
Firebug 1.03 Rep.JS Script Code Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/23349/info Firebug is prone to a script-code-injection vulnerability because it fails to adequately escape user-supplied data. An attacker can exploit this issue to execute arbitrary script code in the context of the...
5861 IP Filtering issues
Product: Efficient Networks 5861 DSL Router http://www.efficient.com/ebz/5800.html Tested version: 5.3.80 Latest firmware Advisory date: 10/01/2003 Severity: Moderate Details When using the built in IP filtering to block incoming TCP SYN flags, a simple port scan to the WAN interface of the route...