Description
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-7307
Related Vulnerabilities
CVE-2022-36913 Vulnerability in maven package org.jenkins-ci.plugins:openstack-heat
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http2:http2-hpack
CVE-2022-41248 Vulnerability in maven package org.jenkins-ci.plugins:bigpanda-jenkins
CVE-2017-12612 Vulnerability in maven package org.apache.spark:spark-core_2.11
CVE-2023-50779 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate