CVE-2018-11537
MEDIUM
Auth0 angular-jwt < 0.1.10 - Domain Whitelist Bypass via Regex Interpretation
Title source: llm
Description
Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.
References (1)
Core References
Patch, Vendor Advisory x_refsource_confirm
https://auth0.com/docs/security/bulletins/cve-2018-11537
Scores
CVSS v3
6.5
EPSS
0.0114
EPSS Percentile
62.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
CWE
CWE-20
Status
published
Products (2)
auth0/angular-jwt
< 0.1.10
npm/angular-jwt
0 - 0.1.10
npm
Published
Jun 19, 2018
Tracked Since
Feb 18, 2026