CVE-2018-11537

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
19/06/2018
Last modified:
23/08/2018

Description

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
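
Added example (not angular-jwt's code and not part of the advisory): a minimal JavaScript comparison of a matcher that compiles string whitelist entries as regular expressions, as the description states for versions before 0.1.10, with a matcher that compares strings literally. The function names and sample hostnames are assumptions constructed for illustration; it can serve as a regression check for a whitelist matcher.

```javascript
// Added illustration; not angular-jwt source.
// Function names and hostnames below are hypothetical / constructed.

// Behaviour the description attributes to versions before 0.1.10:
// every whitelist entry, even a plain string, is compiled as a regex.
// "." then matches any character and the pattern is unanchored.
function matchesAsRegex(hostname, whitelist) {
  return whitelist.some((entry) => new RegExp(entry, 'i').test(hostname));
}

// Hardened matcher: string entries are compared literally
// (case-insensitive, whole hostname); only values that are already
// RegExp objects are evaluated as patterns.
function matchesStrict(hostname, whitelist) {
  const host = hostname.toLowerCase();
  return whitelist.some((entry) => {
    if (entry instanceof RegExp) return entry.test(host);
    return typeof entry === 'string' && entry.toLowerCase() === host;
  });
}

// Run both matchers over the same hosts so the difference is visible.
function compare(hosts, whitelist) {
  return hosts.map((host) => ({
    host,
    regex: matchesAsRegex(host, whitelist),
    strict: matchesStrict(host, whitelist),
  }));
}

// Constructed sample data: one intended host and two that differ from it.
const sampleWhitelist = ['api.example.com'];
const sampleHosts = [
  'api.example.com',            // the intended host
  'apiXexample.com',            // "." in the entry matches "X"
  'api.example.com.other.test', // unanchored pattern matches a prefix
];

console.table(compare(sampleHosts, sampleWhitelist));
```
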

Vulnerable products and versions

| CPE | From | Up to |
| --- | --- | --- |
| cpe:2.3:a:auth0:angular-jwt:*:*:*:*:*:*:*:* | | 0.1.10 (excluding) |


References to Advisories, Solutions, and Tools