Skip to content

Refresh tokens are logged when the debug flag is enabled

Low
marji-workos published GHSA-5wmg-9cvh-qw25 Nov 5, 2024

Package

npm @workos-inc/authkit-nextjs (npm)

Affected versions

< 0.13.2

Patched versions

0.13.2

Description

Impact

Refresh tokens are logged to the console when the disabled by default debug flag, is enabled.

Patches

Patched in https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2

Severity

Low

CVE ID

CVE-2024-51752

Weaknesses

No CWEs