CVE-2020-15125, GHSA-5jpf-pj32-xx53
npm/auth0-js
Information Exposure Through an Error Message
In auth0 (npm package), a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. and you are using a Machine to Machine application authorized to use Auth0's management API.
All versions before 2.27.1
Upgrade to version 3.0.0 or above.
2020-08-05
source |