8.8 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.7%
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
auth0.com/docs/security/bulletins/cve-2018-7307