CVE-2020-15125: Information Exposure Through an Error Message

July 29, 2020 (updated April 28, 2021)

In auth0 (npm package), a DenyList of specific keys that should be sanitized from the request object contained in the error object is used. and you are using a Machine to Machine application authorized to use Auth0’s management API.

References

nvd.nist.gov/vuln/detail/CVE-2020-15125

Detect and mitigate CVE-2020-15125 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →