Homepage

@workos/authkit-session@0.3.2

Framework-agnostic authentication library for WorkOS with pluggable storage adapters

  • latest version

    0.5.2

  • latest non vulnerable version

    0.5.2

  • first published

    9 months ago

  • latest version published

    1 days ago

  • licenses detected

  • View authkit-session package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @workos/authkit-session package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Open Redirect

    @workos/authkit-session is a Framework-agnostic authentication library for WorkOS with pluggable storage adapters

    Affected versions of this package are vulnerable to Open Redirect via the handleCallback function when processing the returnPathname value derived from the OAuth state parameter. An attacker can redirect users to an external, attacker-controlled site by crafting a malicious authentication flow and influencing the state parameter. This is only exploitable if the application uses returnPathname as a redirect target without downstream validation or allowlisting.

    How to fix Open Redirect?

    Upgrade @workos/authkit-session to version 0.5.1 or higher.

    <0.5.1
    Go back to all versions of this package