← Back to CVEs
CVE-2018-11537
N/ADescription
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
CVE Details
CVSS v3.1 ScoreN/A
Published6/19/2018
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
auth0:angular-jwt
Weaknesses (CWE)
CWE-20
References
https://auth0.com/docs/security/bulletins/cve-2018-11537(cve@mitre.org)
https://auth0.com/docs/security/bulletins/cve-2018-11537(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.