Improper Input Validation
Auth0 angular-jwt treats allow listedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.allow listedDomains setting to bypass the domain allowlist filter via a crafted domain.