RubyGems package
omniauth-auth0
pkg:gem/omniauth-auth0
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-15240 | — | >= 2.3.0, < 2.4.1 | 2.4.1 | Oct 21, 2020 | omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by t |
- CVE-2020-15240Oct 21, 2020affected >= 2.3.0, < 2.4.1fixed 2.4.1
omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method. Improper validation of the JWT token signature can allow an attacker to bypass authentication and authorization. You are affected by t