CVE-2017-17068

Name of the Vulnerable Software and Affected Versions Auth0 auth0.js library versions prior to 8.12

Description A cross-origin issue has been discovered in the Auth0 auth0.js library. This issue allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().

Recommendations For versions prior to 8.12, update to version 8.12 or later to resolve the issue. As a temporary workaround, consider avoiding the use of auth0.popup.callback() for popup callback pages until the update is applied.