Auth0 · Auth0 · CVE-2020-15125
**Name of the Vulnerable Software and Affected Versions**
auth0 versions prior to 2.27.1
**Description**
The issue arises from the lack of sanitization of the `Authorization` header key in the error object, potentially exposing a bearer token when a request to the Auth0 management API fails. This affects users of the auth0 npm package who are using a Machine to Machine application authorized to use Auth0's management API.
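The defensive pattern the fix implies, as an added example that is not code from the auth0 package: scrub the `Authorization` header out of a failed-request error object before it is logged or surfaced. The error shape (`originalError.options.headers`) and the sample token are constructed for illustration and are assumptions, not the library's actual structure.

```javascript
// Added example (not auth0 project code): redact bearer tokens from an error
// object before it is logged or returned, guarding against the header-leak
// class described in CVE-2020-15125. The error shape below is constructed.
const REDACTED = '[REDACTED]';

// Header names are case-insensitive, so match Authorization in any casing.
function isSensitiveHeader(name) {
  return name.toLowerCase() === 'authorization';
}

// Recursively copy a value, replacing anything stored under an Authorization
// key with a placeholder. The input is not mutated, so a caller may still
// retry the original request with its real headers.
function redactAuthorization(value, seen = new WeakSet()) {
  if (value === null || typeof value !== 'object') return value;
  if (seen.has(value)) return '[Circular]'; // break reference cycles
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redactAuthorization(v, seen));
  const out = {};
  for (const [k, v] of Object.entries(value)) {
    out[k] = isSensitiveHeader(k) ? REDACTED : redactAuthorization(v, seen);
  }
  return out;
}

// Build a loggable view of a failed management API call: keep the fields an
// operator needs (name, message, status) and scrub the nested request data.
function sanitizeError(err) {
  return {
    name: err.name,
    message: err.message,
    statusCode: err.statusCode,
    originalError: redactAuthorization(err.originalError),
  };
}

// Constructed sample of what a failed request could carry before sanitization.
const sampleError = {
  name: 'APIError',
  message: 'Request failed',
  statusCode: 403,
  originalError: {
    options: {
      headers: { Authorization: 'Bearer constructed-sample-token', Accept: 'application/json' },
    },
    response: { statusCode: 403 },
  },
};
```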
**Recommendations**
For versions prior to 2.27.1, upgrade to version 2.27.1, which resolves the issue. As a temporary workaround, restrict access to the `Authorization` header carried in the error object (for example, where the error is logged or returned) to minimize the risk of exploitation.