192 matches found
Information Exposure
Overview @workos-inc/authkit-remix is an Authentication and session helpers for using WorkOS & AuthKit with Remix Affected versions of this package are vulnerable to Information Exposure due to specifically sealedSession and accessToken, which return them from the authkitLoader function. An...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
CVE-2025-55009
CVE-2025-55009 affects the AuthKit Remix package @workos-inc/authkit-remix. Versions ≤ 0.14.1 expose sensitive artifacts (sealedSession and accessToken) via the authkitLoader, causing them to be rendered into browser HTML. This creates information exposure and potential session/API access risk, a...
CVE-2025-55009 AuthKit: Sensitive auth data rendered in HTML
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In versions 0.14.1 and below, @workos-inc/authkit-remix exposed sensitive authentication artifacts — specifically sealedSession and accessToken — by returning the...
AuthKit Remix Library 信息泄露漏洞
AuthKit Remix Library is a WorkOS open source library for authentication and session management. An information disclosure vulnerability exists in AuthKit Remix Library version 0.14.1 and earlier, which stems from exposing sensitive authentication artifacts and could lead to information disclosur...
The AuthKit Remix Library renders sensitive auth data in HTML
Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...
GHSA-V3GR-W9GF-23CX The AuthKit Remix Library renders sensitive auth data in HTML
Summary Before 0.15.0, @workos-inc/authkit-remix returned sensitive authentication artifacts from the authkitLoader, specifically sealedSession and accessToken. Because these values were returned from the loader, they were embedded into the server-rendered HTML and became readable by any script...
PT-2025-32422 · Workos · Authkit
Name of the Vulnerable Software and Affected Versions: @workos-inc/authkit-remix versions 0.14.1 and below Description: The AuthKit library for Remix exposed sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader, causing them to...
This Week in Spring - May 13th, 2025
Hi, Spring fans! As I write this, I'm at the amazing Code Remix event in Miami well, technically Tampa, Florida. I'll also be speaking at the Tampa JUG while I'm there, so look out! After that, I'll be headed back to Europe—a wee bit further north this time—to Stockholm for the amazing JForum...
This Week in Spring - May 6th, 2025
Hi, Spring fans! As I write this, I'm winging my way to lovely London, UK, for the amazing Devoxx UK event! I'll be looking at the wide and wonderful world of Springdom. Then, from there, it's off to Code Remix in Miami. I'll also be speaking at the Tampa JUG while I'm there, so look out! After...
CVE-2025-31137
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
GHSA-4Q56-CRQP-V477 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL...
Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
Impact We received a report about a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL...
CVE-2025-31137
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
CVE-2025-31137
Summary: A Host/X-Forwarded-Host header manipulation vulnerability in Remix/React Router affects Remix 2 and React Router 7 users using the Express adapter. An attacker can spoof the incoming Request URL by placing a pathname in the URL’s port section of a header-hosted URL, potentially altering ...
CVE-2025-31137 Remix and React Router allow URL manipulation via Host / X-Forwarded-Host headers
React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an...
PT-2025-14377 · Express +2 · Express +2
Name of the Vulnerable Software and Affected Versions: React Router versions 7.0.0 through 7.4.0 Remix versions 2.11.1 and later, prior to 2.16.3 Description: The issue allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part o...