CSRF in Cornelius Plack::Middleware::OAuth
CVE-2026-12740
Plack::Middleware::OAuth versions through 0.10 for Perl do not support the OAuth 2.0 state parameter. RequestTokenV2 builds the provider authorization redirect without issuing a state value, and AccessTokenV2 exchanges the callback code a…
Vulnerability class: CSRF (Cross-Site Request Forgery)
Affected products
- Cornelius Plack::Middleware::OAuth — versions 0
Weakness classification (CWE)