CVE-2018-11537

Name of the Vulnerable Software and Affected Versions angular-jwt versions prior to 0.1.10

Description The issue allows remote attackers with knowledge of the jwtInterceptorProvider.whiteListedDomains setting to bypass the domain allowlist filter via a crafted domain. This is because the whiteListedDomains entries are treated as regular expressions. For example, if the setting is initialized with jwtInterceptorProvider.whiteListedDomains = ['whitelisted.Example.com'];, an attacker can set up a domain whitelistedXexample.com that will pass the allow list filter, as it considers the . separator to be a regex wildcard which matches any character.

Recommendations For versions prior to 0.1.10, update to version 0.1.10 or later to resolve the issue. As a temporary workaround, consider manually validating domains against the allowlist to prevent bypassing the filter. Restrict access to the jwtInterceptorProvider.whiteListedDomains setting to minimize the risk of exploitation. Avoid using the whiteListedDomains setting with untrusted input until the issue is resolved.