Описание
auth0-js Privilege Escalation Vulnerability
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
Пакеты
Наименование
auth0-js
npm
Затронутые версииВерсия исправления
< 8.12.0
8.12.0
Связанные уязвимости
CVSS3: 7.5
nvd
около 8 лет назад
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().