Overview
auth0-js is a client-side JavaScript toolkit for the Auth0 API.
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire an authenticated user's tokens and invoke services on the user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
References
CVSS Score
5.5 (medium severity)
- Attack Vector: Adjacent
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Credit: Unknown
- CVE: CVE-2017-17068
- CWE: CWE-265
- Snyk ID: npm:auth0-js:20171204
- Disclosed: 04 Dec, 2017
- Published: 07 Dec, 2017