Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
auth0 auth0.js vulnerabilities and exploits
(subscribe to this query)
7.7
CVSSv3
CVE-2020-15125
In auth0 (npm package) versions prior to 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. The key for Authorization header is not sanitized and in certain cases the Authorization header value can be logged...
Auth0 Auth0.js
9.8
CVSSv3
CVE-2018-6873
The Auth0 authentication service prior to 2017-10-15 allows privilege escalation because the JWT audience is not validated.
Auth0 Auth0.js
8.8
CVSSv3
CVE-2018-6874
CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
Auth0 Auth0.js
7.5
CVSSv3
CVE-2017-17068
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an malicious user to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses ...
Auth0 Auth0.js
8.8
CVSSv3
CVE-2018-7307
The Auth0 Auth0.js library prior to 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Auth0 Auth0.js
4.9
CVSSv3
CVE-2020-5263
auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the use...
Auth0 Auth0.js
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started