50 matches found
Information Exposure
@workos-inc/authkit-remix is vulnerable to Information Exposure. The vulnerability is due to the debug flag being enabled, which allows an attacker to view refresh tokens logged to the console...
CVE-2024-51753
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.4.1. A...
CVE-2024-51752
The CVE-2024-51752 entry concerns the AuthKit Next.js library for WorkOS/AuthKit integration. Affected versions log refresh tokens to the console when the debug flag is enabled, enabling potential token exposure through logs. The issue has a patched fix in version 0.13.2; upgrading to that versio...
CVE-2024-51752 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.13...
CVE-2024-51753
CVE-2024-51753 affects the AuthKit Remix library (WorkOS/AuthKit with Remix). The vulnerability is an information exposure where refresh tokens are logged to the console when the debug flag is enabled. The issue has been patched in version 0.4.1; upgrading is advised. Affected behavior is limited...
CVE-2024-51753 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.4.1. A...
CVE-2024-51753 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.4.1. A...
CVE-2024-51753 Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-remix
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default debug flag, is enabled. This issue has been patched in version 0.4.1. A...
GHSA-V2QH-F584-6HJ8 @workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1...
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-remix/releases/tag/v0.4.1...
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Impact Refresh tokens are logged to the console when the disabled by default debug flag, is enabled. Patches Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2...
AuthKit Remix Library 日志信息泄露漏洞
AuthKit Remix Library is a WorkOS open source library for authentication and session management. A logging information disclosure vulnerability exists in the AuthKit Remix Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...
AuthKit Next.js Library 日志信息泄露漏洞
AuthKit Next.js Library is an open source Next.js AuthKit library for WorkOS. A logging information disclosure vulnerability exists in the AuthKit Next.js Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...
PT-2024-34883
Name of the Vulnerable Software and Affected Versions AuthKit library for Next.js versions prior to 0.13.2 Description The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue...
PT-2024-34884 · Authkit +1 · Authkit +1
Name of the Vulnerable Software and Affected Versions: AuthKit library for Remix versions prior to 0.4.1 Description: The issue concerns the logging of refresh tokens to the console when the debug flag is enabled. This flag is disabled by default. There are no known workarounds for this issue. Al...
PT-2024-1505 · Unknown · Goreleaser
Name of the Vulnerable Software and Affected Versions: GoReleaser versions prior to 1.24.0 Description: The issue is related to information disclosure through log files. When using a custom publisher with goreleaser release --debug, secret values used in the custom publisher are printed to the lo...
SUSE CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LDDEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...
SUSE CVE-2019-14871
The REENTCHECK macro see newlib/libc/include/sys/reent.h as used by REENTCHECKTM, REENTCHECKMISC, REENTCHECKMP and other newlib macros in versions prior to 3.3.0, does not check for memory allocation problems when the DEBUG flag is unset as is the case in production firmware builds...
Information Disclosure
uppy is vulnerable to information disclosure. The vulnerability exists due to an insecure debug flag which allow Local Urls by default...
UBUNTU-CVE-2020-36420
Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...