CVE-2018-11537

MEDIUM

Auth0 angular-jwt < 0.1.10 - Domain Whitelist Bypass via Regex Interpretation

Description

Auth0 angular-jwt before 0.1.10 treats whiteListedDomains entries as regular expressions, which allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain whitelist filter via a crafted domain.

References (1)

Core References
Patch, Vendor Advisory x_refsource_confirm
https://auth0.com/docs/security/bulletins/cve-2018-11537

Scores

CVSS v3 6.5
EPSS 0.0114
EPSS Percentile 62.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (2)
auth0/angular-jwt < 0.1.10
npm/angular-jwt 0 - 0.1.10 (npm)
Published Jun 19, 2018
Tracked Since Feb 18, 2026