{"id":"CVE-2019-16929","details":"Auth0 auth0.net before 6.5.4 has Incorrect Access Control because IdentityTokenValidator can be accidentally used to validate untrusted ID tokens.","aliases":["GHSA-c9cg-q8r2-xvjq"],"modified":"2026-04-02T01:44:37.552448Z","published":"2019-10-08T13:15:15.550Z","references":[{"type":"ADVISORY","url":"https://auth0.com/docs/security/bulletins/cve-2019-16929"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/auth0/auth0.net","events":[{"introduced":"0"},{"last_affected":"3a34b650de66f43094e21fa213c746b3e92f1eb7"}],"database_specific":{"versions":[{"introduced":"5.8.0"},{"last_affected":"6.5.3"}]}}],"versions":["release-5.10.0","release-5.11.0","release-6.0.0","release-6.1.0","release-6.2.0","release-6.3.0","release-6.4.0","release-6.5.0","release-6.5.1","release-6.5.2","release-6.5.3","v1.11.1","v1.11.2","v1.11.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-16929.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}