Vulnerabilities > Auth0 > Omniauth Auth0

DATE CVE VULNERABILITY TITLE RISK
2020-10-21 CVE-2020-15240 Improper Verification of Cryptographic Signature vulnerability in Auth0 Omniauth-Auth0 2.3.0/2.3.1/2.4.0
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.
network
low complexity
auth0 CWE-347
critical
9.1