
# CVE-2020-15125: Security Update for node-auth0 Library

**Published**: July 28, 2020

**CVE number**: CVE-2020-15125

**Credit**: Omar Diab ([http://github.com/osdiab](http://github.com/osdiab))

## Overview

Versions up to and including 2.27.0 use a block list of specific keys that should be sanitized from the request object contained in the error object. When a request to the Auth0 Management API fails, the key for the `Authorization` header is not sanitized, so the `Authorization` header value can be logged, exposing a bearer token.
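The following is an added example, not code from node-auth0 or from this advisory: a defense-in-depth redactor that an application can run over any error object before logging it, matching sensitive header names case-insensitively at any depth and scrubbing bearer values embedded in strings. The error shape, the list of sensitive keys and the function names are assumptions made for illustration.

```javascript
// Added example: scrub credentials from an error object before it is logged.
// The error shape is constructed for illustration; it is not node-auth0's own structure.
const SENSITIVE_KEYS = new Set(['authorization', 'proxy-authorization', 'cookie', 'set-cookie']);
const CREDENTIAL_RE = /\b(Bearer|Basic)\s+[A-Za-z0-9._~+\/=-]+/gi;
const REDACTED = '[REDACTED]';

function redact(value, seen = new WeakSet()) {
  if (typeof value === 'string') {
    // Catches tokens embedded in raw header dumps or error messages.
    return value.replace(CREDENTIAL_RE, (_, scheme) => `${scheme} ${REDACTED}`);
  }
  if (value === null || typeof value !== 'object') return value;
  // Objects already visited are not walked again, which stops circular references.
  if (seen.has(value)) return '[Circular]';
  seen.add(value);
  if (Array.isArray(value)) return value.map((v) => redact(v, seen));
  const out = {};
  // Error fields such as message and stack are non-enumerable, so list own property names.
  for (const key of Object.getOwnPropertyNames(value)) {
    out[key] = SENSITIVE_KEYS.has(key.toLowerCase()) ? REDACTED : redact(value[key], seen);
  }
  return out;
}

// Returns the only form of the error that should reach a log sink.
function safeLogLine(err) {
  return JSON.stringify(redact(err));
}

// Constructed sample: a failed Management API call whose error carries the request.
function sampleError() {
  const err = new Error('Request failed with status 429');
  err.statusCode = 429;
  err.request = {
    method: 'GET',
    url: 'https://tenant.example/api/v2/users',
    headers: { Authorization: 'Bearer SAMPLE.TOKEN.VALUE', Accept: 'application/json' },
    rawHeader: 'GET /api/v2/users HTTP/1.1\r\nauthorization: Bearer SAMPLE.TOKEN.VALUE\r\n',
  };
  err.request.self = err.request; // circular reference, common in HTTP client objects
  return err;
}

console.log(safeLogLine(sampleError()));
```

The redactor works on a copy, so the original error object is left unchanged for code that still needs it.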

## Am I affected?

You are affected by this vulnerability if all of the following conditions apply:

* You are using the auth0 npm package.
* You are using a Machine to Machine application authorized to use Auth0's Management API through the Client Credentials Flow.

## How do I fix it?

Upgrade to version 2.27.1.

## Will this update impact my users?

The fix provided in the patch will not affect your users.
