Description
The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles the case where the authorization response lacks the state parameter.
Remediation
References
https://auth0.com/docs/security/bulletins/cve-2018-7307
Related Vulnerabilities
CVE-2020-26272 Vulnerability in maven package org.webjars.npm:electron
CVE-2013-2135 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2017-1000104 Vulnerability in maven package org.jenkins-ci.plugins:config-file-provider
CVE-2009-0783 Vulnerability in maven package org.apache.tomcat:catalina
CVE-2022-34802 Vulnerability in maven package org.jenkins-ci.plugins:rocketchatnotifier