CVE-2018-7307: Cross-Site Request Forgery (CSRF)

March 6, 2018 (updated March 28, 2018)

The Auth0 Authjs library has CSRF because it mishandles the case where the authorization response lacks the state parameter.

References

auth0.com/docs/security/bulletins/cve-2018-7307
nvd.nist.gov/vuln/detail/CVE-2018-7307

Code Behaviors & Features

Detect and mitigate CVE-2018-7307 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →