Description

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.

Remediation

References

https://auth0.com/docs/security/bulletins/cve-2018-11537

Related Vulnerabilities

CVE-2020-11022 Vulnerability in maven package org.webjars:jquery

CVE-2020-15250 Vulnerability in maven package junit:junit

CVE-2014-0095 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2023-50730 Vulnerability in maven package edu.gemini:gsp-graphql-core_native0.4_3

CVE-2018-1000665 Vulnerability in maven package org.webjars.bowergithub.dojo:dojo

Severity

High

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Patch Vendor Advisory