dctoon commented 7 years ago

Added missing parameters client_secret and audience to the request for the Password Grant flow.

Verlic commented 7 years ago

MD5: c4103f122d27677c9db144cae1394a66

NSP - Security Report

This is an automated security audit of this project. Please do not modify its contents

Vulnerabilities found: 2 Affected Modules: uglify-js, uglify-js Summary:

Regular Expression Denial of Service
Incorrect Handling of Non-Boolean Comparisons During Minification

Detailed report

Regular Expression Denial of Service

Affected Module: uglify-js Installed version: 2.2.5 Patched versions: >=2.6.0 Advisory: https://nodesecurity.io/advisories/48 Path: auth0-authentication-api-debugger-extension@1.1.2 > auth0-oauth2-express@1.2.1 > jade@1.11.0 > transformers@2.1.0 > uglify-js@2.2.5

Incorrect Handling of Non-Boolean Comparisons During Minification

Affected Module: uglify-js Installed version: 2.2.5 Patched versions: >= 2.4.24 Advisory: https://nodesecurity.io/advisories/39 Path: auth0-authentication-api-debugger-extension@1.1.2 > auth0-oauth2-express@1.2.1 > jade@1.11.0 > transformers@2.1.0 > uglify-js@2.2.5

stale[bot] commented 6 years ago

Is this still relevant? If so, what is blocking it? Is there anything you can do to help move it forward?

auth0-extensions / auth0-authentication-api-debugger-extension

Fix missing required parameters for Password Grant flow #5

NSP - Security Report

Detailed report

Regular Expression Denial of Service

Incorrect Handling of Non-Boolean Comparisons During Minification