ГлавнаяУязвимости → CVE-2026-42280
7.1высокая

CVE-2026-42280

Описание

Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token when a specifically crafted invalid ID token is provided. This vulnerability is fixed in 10.0.0.

Затрагиваемое ПО
Auth0 Auth0.js
CVSS
Балл7.1 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Источники
https://github.com/auth0/auth0.js/security/advisories/GHSA-8qjv-jj2q-x832