3 matches found
CVE-2020-15125
CVE-2020-15125 concerns the npm package auth0 and affects versions before 2.27.1. A denylist of keys sanitized from the request object in the error object does not include the Authorization header, enabling the header value to be logged and potentially exposing a bearer token when using a Machine...
CVE-2018-7307
Auth0.js (Auth0.js library) is affected up to and including version 9.3, where CSRF can occur if the authorization response lacks the state parameter. Root cause: improper handling of missing state in the response. Impact: CSRF vulnerability with high CVSS3 score (8.8) and notable risks of unauth...
CVE-2017-17068
The CVE-2017-17068 entry concerns Auth0’s auth0.js library prior to 8.12. A cross-origin vulnerability allows an attacker to obtain authenticated users’ tokens and invoke services on behalf of a user when a site uses a popup callback page via auth0.popup.callback(). Affected software: auth0.js