Auth0 Auth0.js 4.2.0: Security Vulnerabilities

The Auth0 authentication service before 2017-10-15 allows privilege escalation because the JWT audience is not validated.
CVSS Score: 9.8; EPSS Score: 0.046; Published: 2018-04-04

CSRF exists in the Auth0 authentication service through 14591 if the Legacy Lock API flag is enabled.
CVSS Score: 8.8; EPSS Score: 0.002; Published: 2018-04-04

The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
CVSS Score: 8.8; EPSS Score: 0.003; Published: 2018-03-06

A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2017-12-06

