Open jordibosch20 opened 9 months ago
Semgrep found 1 ssc-45c7ee79-f517-41e2-b61a-45743d9df9c6 finding:
Risk: Affected version of handlebars is vulnerable to Improper Neutralization Of Special Elements In Output Used By A Downstream Component ('Injection') / Improperly Controlled Modification Of Object Prototype Attributes ('Prototype Pollution'). The vulnerability allows for Prototype Pollution, potentially leading to Remote Code Execution, as templates can modify an object's `__proto__` and `__defineGetter__` properties, enabling attackers to execute arbitrary code using specially crafted payloads.
Fix: Upgrade this library to at least version 4.3.0 at auth0-authorization-extension/package-lock.json:17973.
Reference(s): https://github.com/advisories/GHSA-w457-6q6x-cgp9, CVE-2019-19919
Ignore this finding from ssc-45c7ee79-f517-41e2-b61a-45743d9df9c6.
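The finding above describes a template engine letting a template path walk off the supplied data onto `__proto__`, `__defineGetter__` and, through `constructor`, the `Function` constructor. The following is an added illustration of that property-traversal class, written for this page; it is not Handlebars code, not the actual CVE-2019-19919 payload, and not part of auth0-authorization-extension. `lookupUnsafe` and `lookupSafe` are hypothetical names for a miniature dotted-path resolver of the kind a template engine runs for `{{user.name}}`: the first follows any key the template names, the second only follows own, enumerable properties and refuses a short denylist.

```javascript
// Added example (not Handlebars source): a miniature dotted-path lookup like
// the one a template engine performs for `{{a.b.c}}`, in an unrestricted form
// and a hardened form that only follows own, enumerable properties.

// Unrestricted lookup: follows whatever keys the template path names, so a
// path can leave the supplied context and reach Object.prototype / Function.
function lookupUnsafe(context, path) {
  return path
    .split('.')
    .reduce((obj, key) => (obj == null ? undefined : obj[key]), context);
}

// Names that must never be reachable from a template path, whatever the object.
const BLOCKED = new Set([
  '__proto__', 'constructor', 'prototype',
  '__defineGetter__', '__defineSetter__', '__lookupGetter__', '__lookupSetter__',
]);

// Hardened lookup: every step must be an own, enumerable property of an
// object; inherited properties and blocked names resolve to undefined.
function lookupSafe(context, path) {
  let current = context;
  for (const key of path.split('.')) {
    if (current === null || typeof current !== 'object') return undefined;
    if (BLOCKED.has(key)) return undefined;
    if (!Object.prototype.propertyIsEnumerable.call(current, key)) return undefined;
    current = current[key];
  }
  return current;
}

// Constructed render context standing in for template data.
const context = { user: { name: 'alice' } };

// Compares what each resolver returns for a benign path and for paths that
// try to reach the prototype chain or the Function constructor.
function demo() {
  return {
    benignUnsafe: lookupUnsafe(context, 'user.name'),
    benignSafe: lookupSafe(context, 'user.name'),
    // obj.constructor is Object, Object.constructor is Function: an
    // eval-equivalent, which is why unrestricted traversal ends in RCE.
    hostileUnsafe: lookupUnsafe(context, 'user.constructor.constructor') === Function,
    hostileSafe: lookupSafe(context, 'user.constructor.constructor'),
    protoUnsafe: lookupUnsafe(context, 'user.__proto__') === Object.prototype,
    protoSafe: lookupSafe(context, 'user.__proto__'),
    getterUnsafe: typeof lookupUnsafe(context, 'user.__defineGetter__'),
    getterSafe: lookupSafe(context, 'user.__defineGetter__'),
  };
}

console.log(demo());
```

The denylist alone is not the fix; the own-property check is what stops a path from ever stepping onto an inherited object, and the denylist is a belt-and-braces guard against names that are own properties on some engines' objects. Upgrading handlebars to a fixed release is the actual remediation for the finding; this snippet only shows why the unrestricted form is dangerous.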
PR to update dependencies to use node18 runtime
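The finding points at a single line deep inside package-lock.json, which usually means the affected handlebars is a transitive copy rather than the one declared in package.json, and a dependency bump can leave a nested older copy behind. The script below is an added example for this page, not code from the repository or from Semgrep: it walks a package-lock.json in either the lockfileVersion 1 nested shape or the version 2/3 flat `packages` shape and reports every installed copy of a package below a given fixed version. `findPackage`, `vulnerableCopies` and the two `sampleLock*` objects are constructed for the example.

```javascript
// Added example (not part of auth0-authorization-extension): report every copy
// of a package in an npm package-lock.json whose version is below a fixed one,
// including copies nested under other dependencies.

const FIXED = '4.3.0'; // first fixed handlebars version named in the finding

// Parses "major.minor.patch" (prerelease/build suffix ignored); null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when version a is strictly lower than version b.
function versionLess(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) return false;
  for (let i = 0; i < 3; i++) if (pa[i] !== pb[i]) return pa[i] < pb[i];
  return false;
}

// Returns [{ path, version }] for every installed copy of `name`.
function findPackage(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === 'node_modules/' + name || p.endsWith('/node_modules/' + name)) {
        hits.push({ path: p, version: meta.version });
      }
    }
  } else if (lock.dependencies) {
    // lockfileVersion 1: nested tree of `dependencies` objects.
    const walk = (deps, prefix) => {
      for (const [dep, meta] of Object.entries(deps)) {
        const p = prefix + 'node_modules/' + dep;
        if (dep === name) hits.push({ path: p, version: meta.version });
        if (meta.dependencies) walk(meta.dependencies, p + '/');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Copies of `name` that are still below `fixed`.
function vulnerableCopies(lock, name, fixed) {
  return findPackage(lock, name).filter((h) => versionLess(h.version, fixed));
}

// Constructed lockfile fragments (not the repository's real lock): a direct
// handlebars at a fixed version plus an older copy nested under another package.
const sampleLockV1 = {
  lockfileVersion: 1,
  dependencies: {
    handlebars: { version: '4.7.7' },
    'some-reporter': {
      version: '1.0.0',
      dependencies: { handlebars: { version: '4.1.2' } },
    },
  },
};

const sampleLockV2 = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'app' },
    'node_modules/handlebars': { version: '4.7.7' },
    'node_modules/some-reporter': { version: '1.0.0' },
    'node_modules/some-reporter/node_modules/handlebars': { version: '4.1.2' },
  },
};

// Human-readable report lines for one lockfile.
function report(lock, name, fixed) {
  return vulnerableCopies(lock, name, fixed).map(
    (h) => `${h.path}: ${name} ${h.version} < ${fixed}`,
  );
}

console.log(report(sampleLockV1, 'handlebars', FIXED).join('\n'));
console.log(report(sampleLockV2, 'handlebars', FIXED).join('\n'));
```

To run it against a real lock, replace the sample object with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. An empty report after the dependency update is the check that the nested copy the finding refers to is actually gone, not just the top-level one.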