> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> CVE-2019-13483: Details about a security vulnerability in Passport-SharePoint

# CVE-2019-13483: Security Vulnerability in Passport-SharePoint

**Published**: 7/23/2019

**CVE number**: CVE-2019-13483

## Overview

Versions of [Passport-SharePoint](https://github.com/auth0/passport-sharepoint) prior to **0.4.0** do not validate the <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JWT">JWT</Tooltip> signature of an <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=Access+Token">Access Token</Tooltip> before processing.

This vulnerability allows attackers to forge tokens and bypass authentication and authorization mechanisms.

## Am I affected?

You are affected by this vulnerability if you use a [Passport-SharePoint](https://github.com/auth0/passport-sharepoint) version earlier than 0.4.0.

## How do I fix this?

Developers using the [Passport-SharePoint](https://github.com/auth0/passport-sharepoint) library must upgrade to version `0.4.0`.

Please note that Auth0 has deprecated and will no longer maintain this library. Developers should plan to discontinue its use.

### Will this update impact my users?

No. This fix patches the library that your application runs, but it will not impact your users, their current state, or any existing sessions.