CVE-2020-15125

Information Exposure Through an Error Message in npm/auth0-js

Identifiers

CVE-2020-15125, GHSA-5jpf-pj32-xx53

Package Slug

npm/auth0-js

Vulnerability

Information Exposure Through an Error Message

Description

In auth0 (npm package), a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. and you are using a Machine to Machine application authorized to use Auth0's management API.

Affected Versions

All versions before 2.27.1

Solution

Upgrade to version 3.0.0 or above.

Last Modified

2020-08-05
