CVE-2021-32641

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32641

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32641.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32641

Aliases

GHSA-jr3j-whm4-9wwm

Related

GHSA-jr3j-whm4-9wwm

Published

2021-06-04T21:15:07Z

Modified

2025-01-15T01:54:24.732815Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including 11.30.0 are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's flashMessage feature is utilized and user input or data from URL parameters is incorporated into the flashMessage or the library's languageDictionary feature is utilized and user input or data from URL parameters is incorporated into the languageDictionary. The vulnerability is patched in version 11.30.1.

References

Affected packages

Git / github.com/auth0/lock

Affected ranges

Type: GIT
Repo: https://github.com/auth0/lock
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d139cf01c8234b07caf265e051f39d3eab08f7ed

Fixed

d139cf01c8234b07caf265e051f39d3eab08f7ed

Affected versions

v11.*

v11.22.4

v11.26.1

v11.28.1