Description
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-7307
Related Vulnerabilities
CVE-2021-26272 Vulnerability in npm package ckeditor4-dev
CVE-2011-4838 Vulnerability in maven package jruby:jruby
CVE-2015-1808 Vulnerability in maven package org.jenkins-ci.main:jenkins-core
CVE-2022-25209 Vulnerability in maven package org.jenkins-ci.plugins:sinatra-chef-builder
CVE-2022-36944 Vulnerability in maven package org.scala-lang:scala-library