Description
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-7307
Related Vulnerabilities
CVE-2021-42357 Vulnerability in maven package org.apache.knox:gateway-service-knoxsso
CVE-2023-30528 Vulnerability in maven package org.jenkins-ci.plugins:wso2id-oauth
CVE-2017-4992 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2021-26073 Vulnerability in npm package atlassian-connect-express
CVE-2019-12421 Vulnerability in maven package org.apache.nifi:nifi-web-api