CVE-2024-51753
LOWauthkit-remix < 0.4.1 - Sensitive Information Exposure via Debug Log
Title source: llmDescription
The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8
Patch x_refsource_misc
https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06
Release Notes x_refsource_misc
https://github.com/workos/authkit-remix/releases/tag/v0.4.1
Scores
CVSS v4
2.1
EPSS
0.0022
EPSS Percentile
11.8%
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-532
Status
published
Products (2)
workos/authkit-remix
< 0.4.1
workos-inc/authkit-remix
0 - 0.4.1npm
Published
Nov 05, 2024
Tracked Since
Feb 18, 2026