Affecting auth0-js package, versions <8.0.0
Affected versions of this package are vulnerable to Privilege Escalation via the
parseHash method. It did not properly validate the
JWT audience, and therefore allowed tokens intended for one tenant to be used at another.
auth0-js to version 8.0.0 or higher.