Home > Vulnerability Database > CVE-2020-5263

Mend.io Vulnerability Database

CVE-2020-5263

Good to know:

Date: April 10, 2020

auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability. In the case of an (authentication) error, the error object returned by the library contains the original request of the user, which may include the plaintext password the user entered. If the error object is exposed or logged without modification, the application risks password exposure. This is fixed in version 9.12.3

Language: JS

Severity Score

6.8

Related Resources (4)

Url: https://github.com/auth0/auth0.js/security/advisories/GHSA-prfq-f66g-43mp

Url: https://github.com/auth0/auth0.js/commit/355ca749b229fb93142f0b3978399b248d710828

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-5263

Url: https://www.mend.io/vulnerability-database/CVE-2020-5263

Severity Score

6.8

Weakness Type (CWE)

Insufficiently Protected Credentials

CWE-522

Top Fix

Upgrade Version

Upgrade to version v9.13.2

Learn More

CVSS v3

Base Score:	6.8
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	8.1
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-5263

Good to know:

Date: April 10, 2020

Language: JS

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?