Laravel Auth0
Approved changes feed: RSS · Atom
cpe:2.3:a:auth0:laravel-auth0:*:*:*:*:*:laravel:*:*
part: a version: * update: *
| Vendor | Auth0 (bd827468-a826-51d4-9e05-912ec56b4756) |
|---|---|
| Product | Laravel Auth0 (169962b5-0ac7-5f75-a914-15670830ba32) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | laravel |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/auth0/laravel-auth0 |
purl2cpe | 2026-06-01 10:16:14.557724 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-68129 |
vulnerable | 2026-06-03 15:11:02.879057 |
Auth0-PHP SDK has Improper Audience Validation
MEDIUM (6.8)
Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if they use Auth0-PHP SDK versions between v8.0.0 and v8.17.0, or applications using the following SDKs that rely on the Auth0-PHP SDK versions between v8.0.0 and v8.17.0: Auth0/symfony versions between 5.0.0 and 5.5.0, Auth0/laravel-auth0 versions between 7.0.0 and 7.19.0, and/or Auth0/wordpress plugin versions between 5.0.0-BETA0 and 5.4.0. Auth0/Auth0-PHP version 8.18.0 contains a patch for the issue.
Published: 2025-12-17T22:07:35.645Z
Updated: 2025-12-18T15:07:22.780Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.