CVE-2018-7307
HIGH8.8EPSS 0.20%Auth0-js bypasses CSRF checks
發布日:2018/3/7修改日:2023/11/8
描述
The Auth0.js library has a vulnerability affecting versions below 9.3 that allows an attacker to bypass the CSRF check from the state parameter if it's missing from the authorization response, leaving the client vulnerable to CSRF attacks.
受影響套件(1)
- npm/auth0-jsfrom 0, < 9.3.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |