CVE-2021-32641: Cross-site Scripting
auth0-lock is Auth0’s sign-in solution. Versions of auth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library’s flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage, or when the library’s languageDictionary feature is utilized and user input or data from URL parameters is incorporated into the languageDictionary.
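The following is an added example, not code from the advisory or from auth0-lock: one way for an application to keep URL data out of the flashMessage and languageDictionary options named above. The helper name, the `msg` and `title` parameter names, the message texts and the sample URLs are assumptions made for illustration.

```javascript
// Added example (hypothetical helper): build Lock options from a login URL
// without copying raw URL text into flashMessage or languageDictionary.

// The URL may only select one of these fixed messages by key.
const FLASH_MESSAGES = Object.freeze({
  session_expired: { type: 'error', text: 'Your session expired. Please log in again.' },
  password_changed: { type: 'success', text: 'Password updated. Please log in.' },
});

// A dictionary title taken from the URL must match a strict character set.
const TITLE_PATTERN = /^[A-Za-z0-9 ._-]{1,40}$/;

function lockOptionsFromUrl(url) {
  const params = new URL(url).searchParams;
  const options = {};

  // "msg" (assumed parameter name) is a lookup key, never the message itself.
  const code = params.get('msg');
  if (code !== null && Object.prototype.hasOwnProperty.call(FLASH_MESSAGES, code)) {
    options.flashMessage = { ...FLASH_MESSAGES[code] };
  }

  // "title" (assumed parameter name) is dropped unless it is plain text.
  const title = params.get('title');
  if (title !== null && TITLE_PATTERN.test(title)) {
    options.languageDictionary = { title };
  }
  return options;
}

// In the browser the result would be passed as the options argument:
//   new Auth0Lock(clientId, domain, lockOptionsFromUrl(window.location.href));

// Constructed sample URLs: one benign, one carrying markup in both parameters.
const benign = 'https://app.example/login?msg=session_expired&title=Acme%20Portal';
const hostile = 'https://app.example/login?msg=%3Cscript%3Ex%3C%2Fscript%3E&title=%3Cb%3EAcme%3C%2Fb%3E';

console.log(lockOptionsFromUrl(benign));
console.log(lockOptionsFromUrl(hostile));
```

This complements, and does not replace, moving to a release later than 11.30.0.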