GHSA-VVVV-983W-R7PV @workos/authkit-session has an Open Redirect via state-derived redirect target

An open redirect vulnerability exists in AuthService.handleCallback due to insufficient validation of the returnPathname value derived from the OAuth state parameter. The state parameter is round-tripped through the identity provider IdP and can be influenced by an attacker. The handleCallback...

AuthKit Remix Library 日志信息泄露漏洞

AuthKit Remix Library is a WorkOS open source library for authentication and session management. A logging information disclosure vulnerability exists in the AuthKit Remix Library, where a refresh token is logged to the console when the "debug" flag is enabled, which is disabled by default...