3 matches found
Open Redirect
Overview @workos/authkit-session is a Framework-agnostic authentication library for WorkOS with pluggable storage adapters Affected versions of this package are vulnerable to Open Redirect via the handleCallback function when processing the returnPathname value derived from the OAuth state...
GHSA-VVVV-983W-R7PV @workos/authkit-session has an Open Redirect via state-derived redirect target
An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...
AuthKit Remix Library 日志信息泄露漏洞
AuthKit Remix Library is a WorkOS open source library for authentication and session management. A logging information disclosure vulnerability exists in the AuthKit Remix Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...