3 matches found
CVE-2024-29901
CVE-2024-29901 concerns the AuthKit Next.js library. The issue arises from improper handling of expired sessions, allowing an attacker to reuse an expired session by controlling the x-workos-session header. Affected component: workOS/AuthKit Next.js integration (authkit-nextjs). Impact is describ...
CVE-2024-51752
The CVE-2024-51752 entry concerns the AuthKit Next.js library for WorkOS/AuthKit integration. Affected versions log refresh tokens to the console when the debug flag is enabled, enabling potential token exposure through logs. The issue has a patched fix in version 0.13.2; upgrading to that versio...
CVE-2025-64762
Summary: The vulnerability CVE-2025-64762 affects the authkit-nextjs package (versions ≤ 2.11.0). Authenticated responses in these versions do not apply anti-caching headers, allowing session tokens to be cached by CDNs and potentially exposed to other users. The issue is resolved in 2.11.1, whic...