@workos-inc/authkit-nextjs 0.4.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the @workos-inc/authkit-nextjs package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Use of Cache Containing Sensitive Information @workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to missing anti-caching headers on authenticated responses. An attacker can gain unauthorized access to session tokens by leveraging CDN caching of authenticated responses, which may result in exposure of sensitive session information to unintended users. How to fix Use of Cache Containing Sensitive Information? Upgrade `@workos-inc/authkit-nextjs` to version 2.11.1 or higher.	<2.11.1
L Insertion of Sensitive Information into Log File @workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the `debug` flag, which logs sensitive information to the console. An attacker can access refresh tokens. Note: This is only exploitable if the debug flag is manually enabled, as it is disabled by default. How to fix Insertion of Sensitive Information into Log File? Upgrade `@workos-inc/authkit-nextjs` to version 0.13.2 or higher.	<0.13.2

Vulnerability

Vulnerable Version

Use of Cache Containing Sensitive Information

@workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js

Affected versions of this package are vulnerable to Use of Cache Containing Sensitive Information due to missing anti-caching headers on authenticated responses. An attacker can gain unauthorized access to session tokens by leveraging CDN caching of authenticated responses, which may result in exposure of sensitive session information to unintended users.

How to fix Use of Cache Containing Sensitive Information?

Upgrade @workos-inc/authkit-nextjs to version 2.11.1 or higher.

<2.11.1

Insertion of Sensitive Information into Log File

@workos-inc/authkit-nextjs is an Authentication and session helpers for using WorkOS & AuthKit with Next.js

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the debug flag, which logs sensitive information to the console. An attacker can access refresh tokens.

Note: This is only exploitable if the debug flag is manually enabled, as it is disabled by default.

How to fix Insertion of Sensitive Information into Log File?

Upgrade @workos-inc/authkit-nextjs to version 0.13.2 or higher.

<0.13.2

@workos-inc/authkit-nextjs@0.4.2 vulnerabilities

Authentication and session helpers for using WorkOS & AuthKit with Next.js

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically