Description
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-7307
Related Vulnerabilities
CVE-2023-5720 Vulnerability in maven package io.quarkus:quarkus-project
CVE-2019-8331 Vulnerability in maven package org.webjars.bower:bootstrap
CVE-2021-36372 Vulnerability in maven package org.apache.ozone:ozone-common
CVE-2019-10347 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin
CVE-2019-3773 Vulnerability in maven package org.springframework.ws:spring-ws-core