12 matches found
EUVD-2025-115089
Malicious code in config-commitlint-config-angular-jwt-halley (npm)
Source: amazon-inspector 48bdbdc79d93ea440f525e4fd0e99adb460f2672fb88a405befb6ad65a363dcf This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2022-5377
Malicious code in bioql PyPI...
angular-lunarc-blog (>=0.0.1 <=0.0.3), angular-lunarc-core (>=0.0.2 <=0.0.5) +14 more potentially affected by CVE-2018-11537 via angular-jwt (>=0.0.7 <=0.0.9)
angular-jwt NPM version =0.0.7, =0.0.1, =0.0.2, =0.0.1, =4.0.0, =1.0.0, =2.0.0, =4.0.0, =3.0.19, =3.1.0, =7.0.0, =3.0.0, =0.2.4, =0.0.1, =0.5.0, =0.5.3 and more Source cves: CVE-2018-11537 Source advisory: OSV:GHSA-VM2P-F5J4-MJ6G...
Auth0 angular-jwt misinterprets allowlist as regex
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...
GHSA-VM2P-F5J4-MJ6G Auth0 angular-jwt misinterprets allowlist as regex
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. For example, if the setting is initialized...
Authorization Bypass
angular-jwt is vulnerable to authorization bypasses. The library's whitelist entries are treated as regular expressions meaning that the . separator will match any character. This allows a malicious user to set up a domain name to bypass the whitelist filter e.g. if the entry is example.entry.io,...
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
Design/Logic Flaw
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
CVE-2018-11537
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain...
CVE-2018-11537
Auth0 angular-jwt (before v0.1.10) is affected: entries in whiteListedDomains are treated as regular expressions, allowing a crafted domain to bypass the domain allowlist/whitelist filter. This misinterpretation can enable unauthorized access by crafting domains that match the regex pattern (e.g....