laravel-auth0 SDK Does Not Properly Handle File Types in Bulk User Import

Overview

In applications built with the Auth0-PHP SDK, the Bulk User Import endpoint does not validate the file path it is given: neither the stream wrapper (a scheme prefix such as php://, http:// or data://) nor the path value itself is checked before the file is read and submitted as the import payload. Without that validation, an affected application that lets a caller influence the path may accept arbitrary local file paths or URLs in place of the intended JSON user file.
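As an added example (this is not Auth0's code and does not describe the SDK's own fix), the pre-validation an application can run on a bulk-import path before handing it to the SDK: refuse stream wrappers and URLs, canonicalise the path, confine it to one directory, and require a readable JSON array. The function name, the allowed-directory argument and the sample inputs are assumptions for illustration; it needs PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

/**
 * Validate a path destined for a bulk user import before passing it on.
 * Added example, not Auth0's code; $allowedDir is an assumed application
 * setting. Returns the canonical absolute path, throws on anything else.
 */
function validateImportFilePath(string $path, string $allowedDir): string
{
    // Embedded NUL bytes truncate the path in C-level file functions.
    if (str_contains($path, "\0")) {
        throw new InvalidArgumentException('Path contains a NUL byte');
    }

    // Refuse every registered stream wrapper (php:, http:, data:, phar:,
    // file:, glob:, ...): a wrapper turns "read this file" into "fetch this
    // URL" or "run this filter chain". Then refuse any other scheme prefix.
    foreach (stream_get_wrappers() as $wrapper) {
        if (stripos($path, $wrapper . ':') === 0) {
            throw new InvalidArgumentException("Stream wrapper not allowed: {$wrapper}:");
        }
    }
    if (preg_match('#^[A-Za-z][A-Za-z0-9+.\-]*://#', $path) === 1) {
        throw new InvalidArgumentException('Scheme-prefixed values are not allowed');
    }

    // realpath() resolves symlinks and "..", and returns false both for
    // non-existent paths and for wrapper URLs, so it is the real gate.
    $base = realpath($allowedDir);
    $real = realpath($path);
    if ($base === false || $real === false) {
        throw new InvalidArgumentException('Path does not resolve to an existing file');
    }

    // Prefix check on canonical paths, with a trailing separator so that
    // "/srv/imports2" is not accepted for an allowed dir of "/srv/imports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (!str_starts_with($real, $prefix)) {
        throw new InvalidArgumentException('Path escapes the allowed import directory');
    }

    // Regular readable file whose content is a JSON array (the bulk import format).
    if (!is_file($real) || !is_readable($real)) {
        throw new InvalidArgumentException('Not a readable regular file');
    }
    $decoded = json_decode((string) file_get_contents($real), true);
    if (!is_array($decoded) || !array_is_list($decoded)) {
        throw new InvalidArgumentException('Import file is not a JSON array of users');
    }

    return $real;
}

// Demonstration with constructed inputs: one legitimate file in a temporary
// allowed directory, plus three values that must be rejected.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'auth0-import-demo-' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/users.json', json_encode([['email' => 'a@example.com', 'email_verified' => true]]));

$candidates = [
    $dir . '/users.json',                                            // plain local file: accepted
    'php://filter/read=convert.base64-encode/resource=/etc/passwd', // wrapper: rejected
    'http://attacker.example/users.json',                            // URL: rejected
    $dir . '/../../etc/passwd',                                      // traversal: rejected
];
foreach ($candidates as $candidate) {
    try {
        printf("accepted: %s\n", validateImportFilePath($candidate, $dir));
    } catch (InvalidArgumentException $e) {
        printf("rejected: %s (%s)\n", $candidate, $e->getMessage());
    }
}

unlink($dir . '/users.json');
rmdir($dir);
```

The wrapper scan mostly buys a clearer error message; realpath() is what actually closes the hole, because it fails for every wrapper value and normalises traversal before the prefix check runs. In a Laravel application this check belongs at the boundary where the path originates (a request, a queued job payload, a config value), not wrapped around the SDK call after the fact.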

Am I affected?

You are affected by this vulnerability if you meet both of the following preconditions:

  1. Your application uses the Auth0 laravel-auth0 SDK (composer package auth0/login) at a version from 4.0.0 through 7.18.0, and
  2. that laravel-auth0 release resolves the Auth0-PHP SDK (composer package auth0/auth0-php) to a version from 3.3.0 through 8.16.0.

Check the versions actually installed with: composer show auth0/login auth0/auth0-php

Fix

Upgrade the Auth0 laravel-auth0 SDK (auth0/login) to version 7.19.0 or greater, then confirm in composer.lock that the resolved auth0/auth0-php version is no longer in the 3.3.0 to 8.16.0 range.

Acknowledgement

Okta would like to thank Mohamed Amine Saidani (pwni) for discovering this vulnerability.

CVSS v3:

  • Severity: Low (derived from the vector below)
  • Score: 3.3 (CVSS v3.1 base score computed from the vector below)
  • AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N

CWEs: