High severity7.5NVD Advisory· Published Dec 6, 2017· Updated Jun 17, 2026
CVE-2017-17068
CVE-2017-17068
Description
A cross-origin vulnerability has been discovered in the Auth0 auth0.js library affecting versions < 8.12. This vulnerability allows an attacker to acquire authenticated users' tokens and invoke services on a user's behalf if the target site or application uses a popup callback page with auth0.popup.callback().
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
auth0-jsnpm | < 8.12.0 | 8.12.0 |
Affected products
2Patches
Vulnerability mechanics
References
5- appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068/nvdExploitIssue TrackingThird Party Advisory
- auth0.com/docs/security/bulletins/cve-2017-17068nvdIssue TrackingVendor AdvisoryWEB
- github.com/advisories/GHSA-3rpr-mg43-xhq4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-17068ghsaADVISORY
- appcheck-ng.com/appcheck-discovers-vulnerability-auth0-library-cve-2017-17068ghsaWEB
News mentions
0No linked articles in our index yet.