VYPR

RubyGems package

omniauth-auth0

pkg:gem/omniauth-auth0

Vulnerabilities (1)

  • CVE-2020-15240Oct 21, 2020
    affected >= 2.3.0, < 2.4.1fixed 2.4.1

    omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by t