{ "data_version": "4.0", "data_type": "CVE", "data_format": "MITRE", "CVE_data_meta": { "ID": "CVE-2024-51752", "ASSIGNER": "security-advisories@github.com", "STATE": "PUBLIC" }, "description": { "description_data": [ { "lang": "eng", "value": "The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-532: Insertion of Sensitive Information into Log File", "cweId": "CWE-532" } ] } ] }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "workos", "product": { "product_data": [ { "product_name": "authkit-nextjs", "version": { "version_data": [ { "version_affected": "=", "version_value": "< 0.13.2" } ] } } ] } } ] } }, "references": { "reference_data": [ { "url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25", "refsource": "MISC", "name": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25" }, { "url": "https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7", "refsource": "MISC", "name": "https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7" }, { "url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2", "refsource": "MISC", "name": "https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2" } ] }, "source": { "advisory": "GHSA-5wmg-9cvh-qw25", "discovery": "UNKNOWN" } }