12 matches found
Sensitive Information Disclosure
authkit-nextjs is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing anti-caching headers on authenticated responses, where session tokens can be cached by CDNs and inadvertently served to other users, leading to unauthorized session exposure in environments with...
CVE-2025-64762
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762
Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
AuthKit Next.js Library 安全漏洞
AuthKit Next.js Library is a WorkOS open source AuthKit library for Next.js. A security vulnerability exists in AuthKit Next.js Library version 2.11.0 and earlier, which stems from an unapplied anti-caching header that could lead to session token disclosure...
Use of Cache Containing Sensitive Information
Overview @workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to missing anti-caching headers on authenticated responses. An attacker can ga...
authkit-nextjs may let session cookies be cached in CDNs
In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...
GHSA-P8PF-44FF-93GF authkit-nextjs may let session cookies be cached in CDNs
In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...
PT-2025-47657
Name of the Vulnerable Software and Affected Versions AuthKit-nextjs versions 2.11.0 and below Description The AuthKit library for Next.js, used for authentication and session management, does not apply anti-caching headers to authenticated responses in versions 2.11.0 and below. This can lead to...