CVE-2018-11537

Auth0 angular-jwt (before v0.1.10) is affected: entries in whiteListedDomains are treated as regular expressions, allowing a crafted domain to bypass the domain allowlist/whitelist filter. This misinterpretation can enable unauthorized access by crafting domains that match the regex pattern (e.g....