Filtered by vendor Auth0
Subscriptions
Total
43 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-15121 | 1 Auth0 | 2 Aspnet, Aspnet-owin | 2024-11-21 | N/A |
| An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | ||||
| CVE-2018-11537 | 1 Auth0 | 1 Angular-jwt | 2024-11-21 | N/A |
| Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain. | ||||
| CVE-2015-9235 | 1 Auth0 | 1 Jsonwebtoken | 2024-11-21 | N/A |
| In jsonwebtoken node module before 4.2.2 it is possible for an attacker to bypass verification when a token digitally signed with an asymmetric key (RS/ES family) of algorithms but instead the attacker send a token digitally signed with a symmetric algorithm (HS* family). | ||||