Description
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
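
The effect of reading allow-list strings as regular expressions, shown next to literal matching. This is an added example, not angular-jwt source code: the function names and sample hostnames are constructed, and the strict variant is one possible hardening rather than the project's documented fix.

```javascript
// Simplified model of a domain allow-list check (constructed for illustration;
// not angular-jwt source code). All function names are hypothetical.

// Weak: every entry, including plain strings, is compiled to a RegExp.
// In "api.example.com" each "." then matches any character, and the
// pattern is unanchored, so it also matches inside a longer hostname.
function isAllowedWeak(hostname, allowList) {
  return allowList.some((entry) => new RegExp(entry, 'i').test(hostname));
}

// Hardened: strings are compared literally against the whole hostname;
// only values that are already RegExp objects are treated as patterns.
function isAllowedStrict(hostname, allowList) {
  const host = hostname.toLowerCase();
  return allowList.some((entry) => {
    if (entry instanceof RegExp) return entry.test(host);
    return typeof entry === 'string' && entry.toLowerCase() === host;
  });
}

// Constructed sample data using reserved example/test names.
const allowList = ['api.example.com', 'localhost'];
const hosts = [
  'api.example.com',            // intended match
  'apiXexample.com',            // "." read as "any character"
  'api.example.com.other.test', // unanchored pattern matches a prefix
  'localhost',
];

// Evaluate each hostname under both checks so the difference is visible.
function compare() {
  return hosts.map((host) => ({
    host,
    weak: isAllowedWeak(host, allowList),
    strict: isAllowedStrict(host, allowList),
  }));
}

console.table(compare());
```

Hostnames accepted by the weak check but rejected by the strict one are the ones an interceptor would wrongly treat as trusted destinations for the token.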
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-11537