> CVE-2018-7307: Details about a security vulnerability identified for auth0.js < 9.3

# CVE-2018-7307: Security Vulnerability for auth0.js < 9.3

**Published**: February 26, 2018

**CVE number**: CVE-2018-7307

**Credit**: Internal

## Overview

A vulnerability has been identified in the [Auth0.js](/docs/libraries/auth0js) JavaScript library, affecting versions < `9.3`.

This vulnerability allows an attacker to bypass the CSRF check provided by the [state parameter](/docs/secure/attack-protection/state-parameters) when that parameter is missing from the authorization response, leaving the client vulnerable to CSRF attacks.
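
The failure mode described above, as an added example that is not auth0.js source code or Auth0's fix: a state check that is skipped when the response carries no `state`, beside one that fails closed. The function names, the response shape and the sample values are assumptions constructed for illustration.

```javascript
// Illustrative model of the failure mode; not auth0.js internals.
// `expectedState` is the value the client stored before redirecting;
// `response` is the parsed authorization response (hypothetical shape).

// Fail-open: the comparison only runs when the response has a state,
// so a response that omits the parameter passes the CSRF check.
function checkStateFailOpen(response, expectedState) {
  if (response.state && response.state !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  return { ok: true };
}

// Fail-closed: a state must have been stored, must be present in the
// response, and must match exactly. Everything else is rejected.
function checkStateFailClosed(response, expectedState) {
  if (typeof expectedState !== "string" || expectedState.length === 0) {
    return { ok: false, reason: "no stored state for this transaction" };
  }
  if (typeof response.state !== "string" || response.state.length === 0) {
    return { ok: false, reason: "state missing from response" };
  }
  if (response.state !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  return { ok: true };
}

// Parse a callback URL fragment or query string into a plain object.
function parseAuthResponse(fragment) {
  const params = new URLSearchParams(fragment.replace(/^[#?]/, ""));
  return Object.fromEntries(params.entries());
}

// Constructed sample data: stored state and three callback fragments.
const stored = "n3xK0b1Qw9";
const samples = {
  valid: parseAuthResponse("#access_token=CONSTRUCTED&state=n3xK0b1Qw9"),
  mismatched: parseAuthResponse("#access_token=CONSTRUCTED&state=other"),
  missing: parseAuthResponse("#access_token=CONSTRUCTED"),
};

for (const [name, resp] of Object.entries(samples)) {
  const open = checkStateFailOpen(resp, stored).ok;
  const closed = checkStateFailClosed(resp, stored);
  console.log(name, "fail-open:", open, "fail-closed:", closed.ok, closed.reason || "");
}
```

Only the `missing` case separates the two functions: the fail-open check accepts it, the fail-closed check rejects it.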

Patching this vulnerability requires a library upgrade.

## Am I affected?

If you use a version of auth0.js lower than `9.3`, then you are affected by this vulnerability.

## How do I fix it?

Developers using the auth0.js library need to upgrade to version `9.3` or higher.

Updated packages are available on npm. To ensure delivery of additional bug fixes moving forward, please make sure your `package.json` file is updated to take patch and minor level updates of our libraries.

```json
{
  "dependencies": {
    "auth0-js": "^9.3.0"
  }
}
```

### Will this update impact my users?

No. This fix patches the library that your application runs, but will not impact your users, their current state, or any existing sessions.
