Vulnerabilities > Auth0 > Auth0 JS

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2020-07-29 | CVE-2020-15125 | Information Exposure Through an Error Message vulnerability in Auth0 Auth0.Js | In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. | network | low complexity | auth0 CWE-209 | 7.7 |
| 2020-04-09 | CVE-2020-5263 | Insufficiently Protected Credentials vulnerability in Auth0 Auth0.Js | auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. | network | low complexity | auth0 CWE-522 | 4.9 |
| 2018-04-04 | CVE-2018-6874 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js | CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | network | low complexity | auth0 CWE-352 | 8.8 |
| 2018-04-04 | CVE-2018-6873 | Improper Authentication vulnerability in Auth0 Auth0.Js | The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated. | network | low complexity | auth0 CWE-287 | 9.8 (critical) |
| 2018-03-06 | CVE-2018-7307 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js | The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | network | low complexity | auth0 CWE-352 | 8.8 |
| 2017-12-06 | CVE-2017-17068 | Information Exposure vulnerability in Auth0 Auth0.Js | A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. | network | low complexity | auth0 CWE-200 | 7.5 |