CNNVD-202511-2384 Information
CNNVD ID
CNNVD-202511-2384
Related CVE
- CNNVD Published: 2025-11-21
Description (Chinese)
AuthKit Next.js Library是WorkOS开源的一个 Next.js 的 AuthKit 库。 AuthKit Next.js Library 2.11.0及之前版本存在安全漏洞,该漏洞源于未应用防缓存标头,可能导致会话令牌泄露。
Description (English)
AuthKit Next.js Library is a Next.js AuthKit library of the WorldKOS open source. There is a security loophole in AuthKit Next.js Library 2.11.0 and earlier versions, which stems from the non-applical of the cache header, which could lead to the leaking of message signs.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
WorkOS
Published
2025-11-21
Last Modified
2026-02-24
References
https://github.com/workos/authkit-nextjs/commit/94cf438124993abb0e7c19dac64c3cb5724a15ea https://github.com/workos/authkit-nextjs/releases/tag/v2.11.1 https://github.com/workos/authkit-nextjs/security/advisories/GHSA-p8pf-44ff-93gf https://access.redhat.com/security/cve/cve-2025-64762
Patch
https://github.com/workos/authkit-nextjs/releases
Share on: