Description
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-7307
Related Vulnerabilities
CVE-2012-6153 Vulnerability in maven package commons-httpclient:commons-httpclient
CVE-2023-33246 Vulnerability in maven package org.apache.rocketmq:rocketmq-controller
CVE-2016-4970 Vulnerability in maven package io.netty:netty-handler
CVE-2020-11995 Vulnerability in maven package com.caucho:hessian
CVE-2019-10350 Vulnerability in maven package org.jenkins-ci.plugins:port-allocator