Vulnerabilities > Auth0 > Auth0 JS > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2020-07-29 | CVE-2020-15125 | Information Exposure Through an Error Message vulnerability in Auth0 Auth0.Js | In auth0 (npm package) versions before 2.27.1, a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. | network / low complexity / auth0 CWE-209 / 7.7 |
| 2018-04-04 | CVE-2018-6874 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js | CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled. | network / low complexity / auth0 CWE-352 / 8.8 |
| 2018-03-06 | CVE-2018-7307 | Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Auth0.Js | The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter. | network / low complexity / auth0 CWE-352 / 8.8 |
| 2017-12-06 | CVE-2017-17068 | Information Exposure vulnerability in Auth0 Auth0.Js | A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. | network / low complexity / auth0 CWE-200 / 7.5 |