auth0 is vulnerable to information disclosure. When Auth0's Management API is used with Machine to Machine application authorization, the package does not sanitize the Authorization header key through its DenyList of specific keys and logs the Authorization header value, exposing bearer tokens.
github.com/auth0/node-auth0/commit/e23cd867a317c26b2aa39bd7fbacd59acb243195
github.com/auth0/node-auth0/pull/507
github.com/auth0/node-auth0/pull/507/commits/62ca61b3348ec8e74d7d00358661af1a8bc98a3c
github.com/auth0/node-auth0/security/advisories/GHSA-5jpf-pj32-xx53
github.com/auth0/node-auth0/tree/v2.27.1
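
The mitigation pattern for the logging failure described above, as an added example that is not code from node-auth0 or from the advisory: a case-insensitive denylist redaction applied to a copy of an error object before it is logged. The function names, the denylist contents, the error shape and the token value are all constructed for illustration.

```javascript
// Added example with hypothetical names; not node-auth0's implementation.
// Keys are compared in lower case, because HTTP header names are case-insensitive.
const DENY_LIST = ['authorization', 'proxy-authorization', 'cookie'];
const REDACTED = '[REDACTED]';

// Returns a deep copy of `value` in which every property whose key is on the
// denylist is replaced by a marker. The original object is never mutated.
function redactSensitive(value, denyList = DENY_LIST, ancestors = new Set()) {
  if (value === null || typeof value !== 'object') return value;
  // HTTP client errors often point back at themselves (error -> request -> error).
  if (ancestors.has(value)) return '[Circular]';
  ancestors.add(value);
  const copy = Array.isArray(value) ? [] : {};
  if (value instanceof Error) {
    // name and message are not enumerable on Error objects; copy them explicitly.
    copy.name = value.name;
    copy.message = value.message;
  }
  for (const [key, inner] of Object.entries(value)) {
    copy[key] = denyList.includes(key.toLowerCase())
      ? REDACTED
      : redactSensitive(inner, denyList, ancestors);
  }
  ancestors.delete(value);
  return copy;
}

// Constructed sample: a failed API request carrying a bearer token under two
// spellings of the header name, plus a circular reference.
function buildSampleError() {
  const err = new Error('Request failed with status code 401');
  err.config = {
    url: 'https://tenant.example/api/v2/users',
    headers: { Authorization: 'Bearer SAMPLE.TOKEN.VALUE' },
  };
  err.response = {
    status: 401,
    request: { headers: { authorization: 'Bearer SAMPLE.TOKEN.VALUE' } },
  };
  err.response.request.error = err;
  return err;
}

// What would be handed to the logger: the serialized, redacted copy.
function safeLogLine(err) {
  return JSON.stringify(redactSensitive(err));
}

console.log(safeLogLine(buildSampleError()));
```

Redaction here is keyed on property names only; a token embedded inside a free-text string such as an error message would need a separate value-based filter.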