← Retour aux CVEs
CVE-2018-11537
N/ADescription
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
Details CVE
Score CVSS v3.1N/A
Publie6/19/2018
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
auth0:angular-jwt
Faiblesses (CWE)
CWE-20
References
https://auth0.com/docs/security/bulletins/cve-2018-11537(cve@mitre.org)
https://auth0.com/docs/security/bulletins/cve-2018-11537(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.