Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:auth0:auth0.net:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "5.8.0"
},
{
"last_affected": "6.5.3"
}
]
}