漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Refresh tokens are logged when the debug flag is enabled in @workos-inc/authkit-nextjs
Vulnerability Description
The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
CVSS Information
N/A
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
AuthKit Next.js Library 日志信息泄露漏洞
Vulnerability Description
AuthKit Next.js Library是WorkOS开源的一个 Next.js 的 AuthKit 库。 AuthKit Next.js Library存在日志信息泄露漏洞,该漏洞源于当启用默认禁用的“debug”标志时,刷新令牌会记录到控制台。
CVSS Information
N/A
Vulnerability Type
N/A