Lucene search
+L

192 matches found

Snyk
Snyk
added 2025/08/09 2:41 a.m.1 views

Information Exposure

Overview @workos-inc/authkit-remix is an Authentication and session helpers for using WorkOS & AuthKit with Remix Affected versions of this package are vulnerable to Information Exposure due to specifically sealedSession and accessToken, which return them from the authkitLoader function. An...

7.6CVSS6.9AI score0.00364EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/09 2:2 a.m.5 views

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1CVSS7.2AI score0.00364EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/09 2:2 a.m.70 views

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1CVSS0.00364EPSS
Exploits0References3
CVE
CVE
added 2025/08/09 2:2 a.m.34 views

CVE-2025-55009

CVE-2025-55009 affects the AuthKit Remix package @workos-inc/authkit-remix. Versions ≤ 0.14.1 expose sensitive artifacts (sealedSession and accessToken) via the authkitLoader, causing them to be rendered into browser HTML. This creates information exposure and potential session/API access risk, a...

7.1CVSS6.9AI score0.00364EPSS
Exploits0References3
OSV
OSV
added 2025/08/09 2:2 a.m.28 views

CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML

The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...

7.1CVSS6.7AI score0.00364EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/08/09 12:0 a.m.4 views

AuthKit Remix Library 信息泄露漏洞

AuthKit Remix Library is a WorkOS open source library for authentication and session management. An information disclosure vulnerability exists in AuthKit Remix Library version 0.14.1 and earlier, which stems from exposing sensitive authentication artifacts and could lead to information disclosur...

7.1CVSS6AI score0.00364EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/08/08 5:8 p.m.13 views

The AuthKit Remix Library renders sensitive auth data in HTML

Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...

7.1CVSS6.1AI score0.00364EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/08/08 5:8 p.m.20 views

GHSA-V3GR-W9GF-23CX The AuthKit Remix Library renders sensitive auth data in HTML

Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...

7.1CVSS6.1AI score0.00364EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.17 views

PT-2025-32422 · Workos · Authkit

Name of the Vulnerable Software and Affected Versions: @workos-inc/authkit-remix versions 0.14.1 and below Description: The AuthKit library for Remix exposed sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader, causing them to...

7.1CVSS6.3AI score0.00364EPSS
Exploits0References10
Spring Security Advisories
Spring Security Advisories
added 2025/05/13 12:0 a.m.29 views

This Week in Spring - May 13th, 2025

Hi, Spring fans! As I write this, I'm at the amazing Code Remix event in Miami well, technically Tampa, Florida. I'll also be speaking at the Tampa JUG while I'm there, so look out! After that, I'll be headed back to Europe—a wee bit further north this time—to Stockholm for the amazing JForum...

7.5AI score
Exploits0
Spring Security Advisories
Spring Security Advisories
added 2025/05/06 12:0 a.m.20 views

This Week in Spring - May 6th, 2025

Hi, Spring fans! As I write this, I'm winging my way to lovely London, UK, for the amazing Devoxx UK event! I'll be looking at the wide and wonderful world of Springdom. Then, from there, it's off to Code Remix in Miami. I'll also be speaking at the Tampa JUG while I'm there, so look out! After...

7.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/03 6:30 p.m.18 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS7.1AI score0.01151EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 10:23 p.m.7 views

GHSA-4Q56-CRQP-V477 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL...

7.5CVSS7AI score0.01151EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2025/04/01 10:23 p.m.17 views

Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL...

7.5CVSS7AI score0.01151EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2025/04/01 7:15 p.m.67 views

CVE-2025-31137

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS0.01151EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/01 6:20 p.m.8 views

CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS7.1AI score0.01151EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/04/01 6:20 p.m.86 views

CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS0.01151EPSS
Exploits0References1
CVE
CVE
added 2025/04/01 6:20 p.m.144 views

CVE-2025-31137

Summary: A Host/X-Forwarded-Host header manipulation vulnerability in Remix/React Router affects Remix 2 and React Router 7 users using the Express adapter. An attacker can spoof the incoming Request URL by placing a pathname in the URL’s port section of a header-hosted URL, potentially altering ...

7.5CVSS7.1AI score0.01151EPSS
Exploits0References1
OSV
OSV
added 2025/04/01 6:20 p.m.27 views

CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers

React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...

7.5CVSS6.9AI score0.01151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.12 views

PT-2025-14377 · Express +2 · Express +2

Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.4.0 Remix versions 2.11.1 and later, prior to 2.16.3 Description: The issue allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part o...

7.5CVSS7.3AI score0.01151EPSS
Exploits0References25
Rows per page
Query Builder