3 matches found
CVE-2020-5263
auth0.js NPM package auth0-js greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an authentication error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the err...
CVE-2020-5263 Information disclosure through error object
auth0.js NPM package auth0-js greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an authentication error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the err...
CVE-2020-5263
The CVE-2020-5263 entry concerns the Auth0.js (NPM package auth0-js) library. Affected versions are greater than 8.0.0 and before 9.12.3, where an authentication error returns an error object that may contain the user’s original request, potentially exposing the plaintext password if logged or ex...