10 matches found
Sensitive Information Disclosure
authkit-nextjs is vulnerable to Sensitive Information Disclosure. The vulnerability is due to missing anti-caching headers on authenticated responses, where session tokens can be cached by CDNs and inadvertently served to other users, leading to unauthorized session exposure in environments with...
CVE-2025-64762
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762 authkit-nextjs may let session cookies be cached in CDNs
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enable...
CVE-2025-64762
Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...
authkit-nextjs may let session cookies be cached in CDNs
In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...
Use of Cache Containing Sensitive Information
Overview @workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to missing anti-caching headers on authenticated responses. An attacker can ga...
GHSA-P8PF-44FF-93GF authkit-nextjs may let session cookies be cached in CDNs
In authkit-nextjs version 2.11.0 and below, authenticated responses do not defensively apply anti-caching headers. In environments where CDN caching is enabled, this can result in session tokens being included in cached responses and subsequently served to multiple users. Next.js applications...
PT-2025-47657
Name of the Vulnerable Software and Affected Versions AuthKit-nextjs versions 2.11.0 and below Description The AuthKit library for Next.js, used for authentication and session management, does not apply anti-caching headers to authenticated responses in versions 2.11.0 and below. This can lead to...